![](https://seccdn.libravatar.org/avatar/d48e0fab41b188849be0dfd65aaa07a2.jpg?s=120&d=mm&r=g)
On Sunday 25 July 2004 11:24 am, Bob wrote:
Since some time I see my syslogs polluted with messages like the following (more or less - I hide my IP by x's and MAC address by y's): Jul 25 18:18:58 xxxxx kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=yyyy SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=63989 DF PROTO=TCP SPT=3245 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
What does it mean ? Is my ethernet card malfunctioning ?
It means SuSEFirewall (SFW2) is working and has dropped someone trying to go into your port 135 using TCP protocol. Do a whois, from root, on the SRC ip to see where the stuff came from. If you want to know all the good and gory details, look into shorewall.net and read Tom Eastep's documentation. His stuff is pretty easy to understand and has some pretty pictures. ra