1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] Decoding iptables message
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Decoding%20iptables%20message&In-Reply-To=%3C4FF46DF5.6050007%40kde.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="017137.html">
<LINK REL="Next" HREF="017132.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] Decoding iptables message</H1>
<B>Anne Wilson</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Decoding%20iptables%20message&In-Reply-To=%3C4FF46DF5.6050007%40kde.org%3E"
TITLE="[Mageia-dev] Decoding iptables message">annew at kde.org
</A><BR>
<I>Wed Jul 4 18:23:17 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="017137.html">[Mageia-dev] Decoding iptables message
</A></li>
<LI>Next message: <A HREF="017132.html">[Mageia-dev] qt problems on mga2 updates_testing
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#17140">[ date ]</a>
<a href="thread.html#17140">[ thread ]</a>
<a href="subject.html#17140">[ subject ]</a>
<a href="author.html#17140">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/07/12 15:42, Pascal Terjan wrote:
><i> On Wed, Jul 4, 2012 at 4:07 AM, Anne Wilson <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">annew at kde.org</A>> wrote:
</I>>><i> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
</I>>><i>
</I>>><i> Could someone please tell me what to look for, and where, to
</I>>><i> solve this puzzle?
</I>><i>
</I>><i> Where do this message come from? I have never seen any such
</I>><i> messages for iptables drops.
</I>
I run logwatch, which is where I found this report.
><i>
</I>>><i> - --------------------- iptables firewall Begin
</I>>><i> ------------------------
</I>>><i>
</I>>><i>
</I>>><i> Listed by source hosts: Dropped 9 packets on interface eth0 From
</I>>><i> 192.168.0.40 - 9 packets to tcp(38575)
</I>>><i>
</I>>><i> ---------------------- iptables firewall End
</I>>><i> -------------------------
</I>>><i>
</I>>><i> The machine in question is my mail/file/print server, running a
</I>>><i> secondary firewall inside the NAT router. Port 38575 appears to
</I>>><i> be unassigned, and I've only seen such messages for the last
</I>>><i> couple of days.
</I>><i>
</I>><i> Which machine in question? The one displaying this message or
</I>><i> 192.168.0.40?
</I>><i>
</I>192.168.0.40 is the mail/file/print server, running Scientific Linux
6.2. Come to think of it, it sounds as though this laptop (Tosh) is
reporting that the server is sending packets on 38575 to Tosh. I've
been through the main logs on the server, though, and can't find
anything significant, which is why I'm feeling a bit stuck.
>><i> I'm pretty sure that the server hasn't been _directly_ used, i.e.
</I>>><i> with login to actual physical box, during that time, so the
</I>>><i> likelihood seems to be some service other systems on the LAN are
</I>>><i> calling for something.
</I>>><i>
</I>>><i> Any ideas about how to go about tracing this? I can't find it in
</I>>><i> any of the logs on the server. I'm working on the logs on the
</I>>><i> laptops.
</I>
Anne
- --
Need KDE help? Try
<A HREF="http://userbase.kde.org">http://userbase.kde.org</A> or
<A HREF="http://forum.kde.org">http://forum.kde.org</A>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - <A HREF="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</A>
iEYEARECAAYFAk/0bfMACgkQj93fyh4cnBfaCQCfcusYiV8l2M26Mf/nwegpr3ds
hiMAnRTFddMiFUxEV/798QxSHndQDj4z
=sF+A
-----END PGP SIGNATURE-----
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="017137.html">[Mageia-dev] Decoding iptables message
</A></li>
<LI>Next message: <A HREF="017132.html">[Mageia-dev] qt problems on mga2 updates_testing
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#17140">[ date ]</a>
<a href="thread.html#17140">[ thread ]</a>
<a href="subject.html#17140">[ subject ]</a>
<a href="author.html#17140">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
