From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-July/017140.html | 149 +++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-July/017140.html (limited to 'zarb-ml/mageia-dev/2012-July/017140.html') diff --git a/zarb-ml/mageia-dev/2012-July/017140.html b/zarb-ml/mageia-dev/2012-July/017140.html new file mode 100644 index 000000000..83ba7d6ef --- /dev/null +++ b/zarb-ml/mageia-dev/2012-July/017140.html @@ -0,0 +1,149 @@ + + + + [Mageia-dev] Decoding iptables message + + + + + + + + + +

[Mageia-dev] Decoding iptables message

+ Anne Wilson + annew at kde.org +
+ Wed Jul 4 18:23:17 CEST 2012 +

+
+ +
-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+On 04/07/12 15:42, Pascal Terjan wrote:
+> On Wed, Jul 4, 2012 at 4:07 AM, Anne Wilson <annew at kde.org> wrote:
+>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
+>> 
+>> Could someone please tell me what to look for, and where, to
+>> solve this puzzle?
+> 
+> Where do this message come from? I have never seen any such
+> messages for iptables drops.
+
+I run logwatch, which is where I found this report.
+> 
+>> - --------------------- iptables firewall Begin
+>> ------------------------
+>> 
+>> 
+>> Listed by source hosts: Dropped 9 packets on interface eth0 From
+>> 192.168.0.40 - 9 packets to tcp(38575)
+>> 
+>> ---------------------- iptables firewall End
+>> -------------------------
+>> 
+>> The machine in question is my mail/file/print server, running a 
+>> secondary firewall inside the NAT router.  Port 38575 appears to
+>> be unassigned, and I've only seen such messages for the last
+>> couple of days.
+> 
+> Which machine in question? The one displaying this message or
+> 192.168.0.40?
+> 
+192.168.0.40 is the mail/file/print server, running Scientific Linux
+6.2.  Come to think of it, it sounds as though this laptop (Tosh) is
+reporting that the server is sending packets on 38575 to Tosh.  I've
+been through the main logs on the server, though, and can't find
+anything significant, which is why I'm feeling a bit stuck.
+
+>> I'm pretty sure that the server hasn't been _directly_ used, i.e.
+>> with login to actual physical box, during that time, so the
+>> likelihood seems to be some service other systems on the LAN are
+>> calling for something.
+>> 
+>> Any ideas about how to go about tracing this?  I can't find it in
+>> any of the logs on the server.  I'm working on the logs on the
+>> laptops.
+
+Anne
+- -- 
+Need KDE help? Try
+http://userbase.kde.org or
+http://forum.kde.org
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
+
+iEYEARECAAYFAk/0bfMACgkQj93fyh4cnBfaCQCfcusYiV8l2M26Mf/nwegpr3ds
+hiMAnRTFddMiFUxEV/798QxSHndQDj4z
+=sF+A
+-----END PGP SIGNATURE-----
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1
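Review bot: the archived body between `-----BEGIN PGP SIGNED MESSAGE-----` and `-----END PGP SIGNATURE-----` is no longer the text that was signed, so the signature block kept in this file cannot be checked against it. Inside the signed region the quoted attribution reads `Anne Wilson <annew at kde.org> wrote:`, with the address in the archiver's obfuscated "at" form, and the body has been passed through HTML rendering as well. If the archive is meant to let readers verify who wrote a message, commit the raw mbox next to the generated HTML, or say in the commit message that these pages are display copies only; "Add zarb MLs html archives" does not tell a reader which of the two is intended or how the files were generated.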