Hi All,

I am running Suse 9 with Squid and Iptables on my LAN for sharing the Internet. All is well, but I see logging on my console about "Messages suppressed". I understand these are dropped packets from the kernel; what causes this to come? When I run ethereal I see there are loads of spoofed packets on the network. Are these errors because of these spoofed packets? If yes, how do I go about removing them?

I know Windows is a pain, but I can't help it; I run a public place and all my workstations are Windows clients. I have read on the forums that these spoofed packets are a result of some Blaster-type virus on these clients... but all my Windows machines are updated with the latest patches and I also have a powerful virus scanner!! But still these problems...

Help will be really appreciated.

Regards
Harish

"In all this world, there is only you
When all else ceases, there is only you" -- to my MASTER!

Harish
harish@sabnanis.com
harishsabnani@cyberhutoman.com
Harry wrote:
Hi All,
I am running Suse 9 with Squid and Iptables on my LAN for sharing the Internet. All is well, but I see logging on my console about "Messages suppressed". I understand these are dropped packets from the kernel; what causes this to come? When I run ethereal I see there are loads of spoofed packets on the network. Are these errors because of these spoofed packets? If yes, how do I go about removing them? I know Windows is a pain, but I can't help it; I run a public place and all my workstations are Windows clients. I have read on the forums that these spoofed packets are a result of some Blaster-type virus on these clients... but all my Windows machines are updated with the latest patches and I also have a powerful virus scanner!! But still these problems...
Can you say more about what these messages are and where you see them? For example, the following is typical of my /var/log/messages:

Aug 17 10:57:55 uyea kernel: SFW2-INext-DROP-NEW-CONNECT IN=ippp0 OUT= MAC= SRC=213.122.3.75 DST=213.122.39.166 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=35467 DF PROTO=TCP SPT=2381 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Aug 17 10:57:56 uyea kernel: SFW2-INext-DROP-NEW-CONNECT IN=ippp0 OUT= MAC= SRC=213.122.28.142 DST=213.122.39.166 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17535 DF PROTO=TCP SPT=4628 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402)

This just means that the packet filter has dropped a couple of packets. The clue to what causes them is DPT. A quick google reveals that 135 and 445 are well-known M$ security holes. So the computers on 213.122.3.75 and 213.122.28.142 are most probably infected with some sort of Windows transmitted disease. The packets never get anywhere on your computer and you can safely ignore them.

-- JDL
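Added example, not part of the thread or any poster's message: a small Python parser that tallies dropped packets from log lines in the format quoted above by incoming interface, protocol and DPT, so it is clear at a glance which ports are being probed and whether the drops arrive on the external interface or from the LAN side. The function names and the assumption that the rule prefix contains "DROP" are mine; the first two sample lines are the ones quoted in the message above and the third is constructed.

```python
import re
from collections import Counter

# Sample input: the two log lines quoted in the message above, plus one
# constructed non-firewall line to show that unrelated entries are skipped.
SAMPLE_LOG = """\
Aug 17 10:57:55 uyea kernel: SFW2-INext-DROP-NEW-CONNECT IN=ippp0 OUT= MAC= SRC=213.122.3.75 DST=213.122.39.166 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=35467 DF PROTO=TCP SPT=2381 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Aug 17 10:57:56 uyea kernel: SFW2-INext-DROP-NEW-CONNECT IN=ippp0 OUT= MAC= SRC=213.122.28.142 DST=213.122.39.166 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17535 DF PROTO=TCP SPT=4628 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Aug 17 10:58:01 uyea sshd[1234]: constructed line, not a firewall entry
"""

# Assumed layout: "kernel: <rule-prefix containing DROP> KEY=VALUE ...".
# Bare flags such as DF or SYN carry no "=" and are ignored.
ENTRY = re.compile(r"kernel: (?P<prefix>\S*DROP\S*) (?P<fields>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_drop(line):
    """Return the KEY=VALUE fields of one dropped-packet line, or None."""
    m = ENTRY.search(line)
    if not m:
        return None
    rec = dict(FIELD.findall(m.group("fields")))
    rec["PREFIX"] = m.group("prefix")
    return rec

def summarise(log_text):
    """Count drops and collect source addresses per (interface, proto, DPT)."""
    by_port = Counter()
    sources = {}
    for line in log_text.splitlines():
        rec = parse_drop(line)
        if rec is None or "DPT" not in rec:  # e.g. ICMP has no DPT
            continue
        key = (rec["IN"], rec["PROTO"], int(rec["DPT"]))
        by_port[key] += 1
        sources.setdefault(key, set()).add(rec["SRC"])
    return by_port, sources

if __name__ == "__main__":
    counts, srcs = summarise(SAMPLE_LOG)
    for key, n in counts.most_common():
        iface, proto, port = key
        print(f"{n:4d} drops  in={iface} {proto}/{port}  from {sorted(srcs[key])}")
```
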
On 17.08.04,13:16, Harry wrote:
Hi All,
I am running Suse 9 with Squid and Iptables on my LAN for sharing the Internet. All is well, but I see logging on my console about "Messages suppressed". I understand these are dropped packets from the kernel; what causes this to come? When I run ethereal I see there are loads of spoofed packets on the network. Are these errors because of these spoofed packets? If yes, how do I go about removing them? I know Windows is a pain, but I can't help it; I run a public place and all my workstations are Windows clients. I have read on the forums that these spoofed packets are a result of some Blaster-type virus on these clients... but all my Windows machines are updated with the latest patches and I also have a powerful virus scanner!! But still these problems...
Help will be really appreciated.
Regards
Harish
Do you have NetBIOS installed on the Windows clients? Filter the NetBIOS
packets in your firewall or remove it from the clients if you don't need
it.
http://support.microsoft.com/default.aspx?scid=kb;en-us;269239&sd=tech
- Jostein
--
Jostein Berntsen
participants (3): Harry, John Lamb, Jostein Berntsen