I'm getting continuous messages of the following nature in my logs: kernel: e100: eth0 NIC Link is Up 100 Mbps Full duplex kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xxx.xxx.xxx DST=xx.xxx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=36690 DF PROTO=TCP SPT=3910 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) I'm assuming that the package from my ISP to port 135, is an answer to the sudden link hicking on eth0. Has anyone any information about this? Weather this is something common with e100 cards?
On 10/02/2003 02:01 AM, Örn E. Hansen wrote:
I'm getting continuous messages of the following nature in my logs:
kernel: e100: eth0 NIC Link is Up 100 Mbps Full duplex kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xxx.xxx.xxx DST=xx.xxx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=36690 DF PROTO=TCP SPT=3910 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
I'm assuming that the package from my ISP to port 135, is an answer to the sudden link hicking on eth0. Has anyone any information about this? Weather this is something common with e100 cards?
Why is your firewall accepting connections to port 135, especially on your external interface? First, CLOSE that port. This means there is a Windows 2000 or XP machine in your subnet infected with the MSBlaster worm. That worm can spew out thousands of scans very quickly, looking for other infectable machines. You are running Linux and thus not vulnerable to the attacks, BUT by accepting at that port you allow traffic that basically results in a DOS. -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Web Address: http://www.mydestiny.net/~joe_morris Registered Linux user 231871 God said, I AM that I AM. I say, by the grace of God, I am what I am.
participants (2)
-
Joe Morris (NTM) -
Örn E. Hansen