[Dshield] Please help me and apologies for the haste of my question but I have been so much hurt through hacking one day...

Bjørn Ruberg bjorn at ruberg.no
Tue Nov 26 15:08:02 GMT 2002


> Nov 26 14:13:03 MYPC kernel: IN=eth0 OUT=
> MAC=00:02:e3:20:f0:43:00:05:74:f6:60:54:08:00 SRC=66.70.82.80 DST=MY IP
> LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12012 DF PROTO=TCP SPT=38933 DPT=113
>  WINDOW=5840 RES=0x00 SYN URGP=0
>
> Nov 26 14:15:07 MY PC  kernel: IN=eth0 OUT=
> MAC=00:02:e3:20:f0:43:00:05:74:f6:60:54:08:00 SRC=148.245.149.33 DST=MY
> IP  LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9765 DF PROTO=TCP SPT=49971
> DPT=443  WINDOW=5840 RES=0x00 SYN URGP=0
>
>
> Guys, I need your help. Could you please tell me if that report generated
> by my Linux Firewall Log is actually showing an intrusion?

That depends on whether you actually drop this traffic or if you just log.
If you drop, sit back and relax - your firewall is actually doing its job.

Port 113 is ident requests, and you should either allow them (not
dangerous) or reject them. Dropping them leads to several Internet-based
services either waiting a long time for a response (e.g. FTP) or outright
denying access (e.g. IRC).

Port 443 is HTTPS requests. Don't see why you should get them, it's
probably just a probe for locating HTTPS sites with old SSL libs.

> My PC is much slower, applications hang.
> I need your help on deciphering that message please (if only Linux
> would be a wee, just a wee bit friendlier...)

Learn how to read iptables logs.

http://logi.cc/linux/netfilter-log-format.php3 is a good URL.


"Give a man a fish and he has food for one day. Teach a man how to fish
 and he will spend day after day in a boat drinking beer"


Regards,

Bjørn
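
A small parser for the kind of entries quoted above, added here as an illustration and not part of the original message. The function names are hypothetical, and the redacted DST is replaced by the documentation address 192.0.2.10.

```python
# Constructed sample: the two quoted entries re-joined onto single lines.
# DST was redacted in the post; 192.0.2.10 is a documentation placeholder.
SAMPLE = [
    "Nov 26 14:13:03 MYPC kernel: IN=eth0 OUT= "
    "MAC=00:02:e3:20:f0:43:00:05:74:f6:60:54:08:00 SRC=66.70.82.80 "
    "DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12012 DF PROTO=TCP "
    "SPT=38933 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Nov 26 14:15:07 MYPC kernel: IN=eth0 OUT= "
    "MAC=00:02:e3:20:f0:43:00:05:74:f6:60:54:08:00 SRC=148.245.149.33 "
    "DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9765 DF PROTO=TCP "
    "SPT=49971 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0",
]
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
SERVICES = {113: "ident", 443: "https"}  # the two ports discussed in the reply

def parse_entry(line):
    """Parse one netfilter LOG line into a dict; return None if it is not one."""
    _, found, body = line.partition("kernel: ")
    if not found or "IN=" not in body:
        return None
    entry = {"flags": set()}
    for token in body.split():
        key, eq, value = token.partition("=")
        if eq:
            entry[key] = value          # KEY=value pair (OUT= yields "")
        elif token in TCP_FLAGS:
            entry["flags"].add(token)   # bare TCP flag keyword such as SYN
    # On Ethernet input the MAC field is dst(6) + src(6) + ethertype(2) bytes.
    mac = entry.get("MAC", "").split(":")
    if len(mac) == 14:
        entry["mac_dst"], entry["mac_src"] = ":".join(mac[:6]), ":".join(mac[6:12])
    return entry

def summarize(entry):
    """One-line reading of an entry: direction, kind of packet, target port."""
    direction = "inbound" if entry.get("IN") and not entry.get("OUT") else "forwarded/outbound"
    # SYN without ACK is the first packet of a handshake: an attempt, not a session.
    kind = "connection attempt" if entry["flags"] == {"SYN"} else "other packet"
    port = entry.get("DPT")
    service = SERVICES.get(int(port), "unknown") if port else "n/a"
    return (f"{direction} {entry.get('PROTO')} {kind} from {entry.get('SRC')} "
            f"to port {port} ({service})")

if __name__ == "__main__":
    for line in SAMPLE:
        print(summarize(parse_entry(line)))
```

The entry itself carries no verdict: whether the packet was dropped depends on the rule that follows the LOG rule, which is the point the reply makes.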