20 Nov
2002
20 Nov
'02
10:56
On 19 Nov 2002, Fabio Sena wrote:
Nov 19 14:31:10 fwpro kernel: SuSE-FW-DROP-ANTI-SPOOF IN=ppp0 OUT= MAC= SRC=10.10.40.251 DST=255.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=1185 PROTO=UDP SPT=138 DPT=138 LEN=209 Nov 19 14:31:10 fwpro kernel: SuSE-FW-DROP-ANTI-SPOOF IN=ppp0 OUT= MAC= SRC=10.10.40.251 DST=255.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=1185 PROTO=UDP SPT=137 DPT=137 LEN=209
there is nothing special. After you've authentificated successful, the remote server send NetBIOS broadcasts (you know: Network Neighborhood etc.). If you allow that your host will be listed there, allow these ports, otherwise it might be wise to just reject but not log them. Achim