Diffstat (limited to 'zarb-ml/mageia-dev/2012-July/017140.html')
-rw-r--r-- | zarb-ml/mageia-dev/2012-July/017140.html | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-July/017140.html b/zarb-ml/mageia-dev/2012-July/017140.html new file mode 100644 index 000000000..83ba7d6ef --- /dev/null +++ b/zarb-ml/mageia-dev/2012-July/017140.html 
@@ -0,0 +1,149 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Decoding iptables message + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Decoding%20iptables%20message&In-Reply-To=%3C4FF46DF5.6050007%40kde.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="017137.html"> + <LINK REL="Next" HREF="017132.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Decoding iptables message</H1> + <B>Anne Wilson</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Decoding%20iptables%20message&In-Reply-To=%3C4FF46DF5.6050007%40kde.org%3E" + TITLE="[Mageia-dev] Decoding iptables message">annew at kde.org + </A><BR> + <I>Wed Jul 4 18:23:17 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="017137.html">[Mageia-dev] Decoding iptables message +</A></li> + <LI>Next message: <A HREF="017132.html">[Mageia-dev] qt problems on mga2 updates_testing +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17140">[ date ]</a> + <a href="thread.html#17140">[ thread ]</a> + <a href="subject.html#17140">[ subject ]</a> + <a href="author.html#17140">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +On 04/07/12 15:42, Pascal Terjan wrote: +><i> On Wed, Jul 4, 2012 at 4:07 AM, Anne Wilson <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">annew at kde.org</A>> wrote: +</I>>><i> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +</I>>><i> +</I>>><i> Could someone please tell me what to look for, and where, to +</I>>><i> solve this puzzle? +</I>><i> +</I>><i> Where do this message come from? I have never seen any such +</I>><i> messages for iptables drops. +</I> +I run logwatch, which is where I found this report. 
+><i> +</I>>><i> - --------------------- iptables firewall Begin +</I>>><i> ------------------------ +</I>>><i> +</I>>><i> +</I>>><i> Listed by source hosts: Dropped 9 packets on interface eth0 From +</I>>><i> 192.168.0.40 - 9 packets to tcp(38575) +</I>>><i> +</I>>><i> ---------------------- iptables firewall End +</I>>><i> ------------------------- +</I>>><i> +</I>>><i> The machine in question is my mail/file/print server, running a +</I>>><i> secondary firewall inside the NAT router. Port 38575 appears to +</I>>><i> be unassigned, and I've only seen such messages for the last +</I>>><i> couple of days. +</I>><i> +</I>><i> Which machine in question? The one displaying this message or +</I>><i> 192.168.0.40? +</I>><i> +</I>192.168.0.40 is the mail/file/print server, running Scientific Linux +6.2. Come to think of it, it sounds as though this laptop (Tosh) is +reporting that the server is sending packets on 38575 to Tosh. I've +been through the main logs on the server, though, and can't find +anything significant, which is why I'm feeling a bit stuck. + +>><i> I'm pretty sure that the server hasn't been _directly_ used, i.e. +</I>>><i> with login to actual physical box, during that time, so the +</I>>><i> likelihood seems to be some service other systems on the LAN are +</I>>><i> calling for something. +</I>>><i> +</I>>><i> Any ideas about how to go about tracing this? I can't find it in +</I>>><i> any of the logs on the server. I'm working on the logs on the +</I>>><i> laptops. +</I> +Anne +- -- +Need KDE help? 
Try +<A HREF="http://userbase.kde.org">http://userbase.kde.org</A> or +<A HREF="http://forum.kde.org">http://forum.kde.org</A> +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) +Comment: Using GnuPG with Mozilla - <A HREF="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</A> + +iEYEARECAAYFAk/0bfMACgkQj93fyh4cnBfaCQCfcusYiV8l2M26Mf/nwegpr3ds +hiMAnRTFddMiFUxEV/798QxSHndQDj4z +=sF+A +-----END PGP SIGNATURE----- +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="017137.html">[Mageia-dev] Decoding iptables message +</A></li> + <LI>Next message: <A HREF="017132.html">[Mageia-dev] qt problems on mga2 updates_testing +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#17140">[ date ]</a> + <a href="thread.html#17140">[ thread ]</a> + <a href="subject.html#17140">[ subject ]</a> + <a href="author.html#17140">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
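Review bot: In the `<PRE>` body of the new 017140.html, the message keeps its `-----BEGIN PGP SIGNED MESSAGE-----` and `-----BEGIN PGP SIGNATURE-----` wrapper, but the text between them has been rewritten by the archiver (`<i>` markup on quoted lines, `<A HREF=...>` wrapped around URLs, the sender shown as `annew at kde.org`), so the signature block cannot be checked against this copy. If the signature is meant to stay verifiable, keep the raw message alongside the HTML; otherwise say in the commit message that the archived body is a rendered copy. Separately, the run of more than thirty empty added lines between `+</PRE>` and `+<!--endarticle-->` makes up a sizeable share of the 149 insertions and could be trimmed.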