[Dshield] Question about logging from Linux and security newbie
MGehrls at bethanypress.com
Mon Oct 21 14:22:07 GMT 2002
I am taking over responsibility of our firewall at work and to that end I
figured I should set up a real one at home for more experience of what is
really going on...(moved out my Linksys and put up a box with RH7.3 and
Iptables, cable modem and dynamic IP)
The first thing that happened is that my log started filling up with all
sorts of broadcast and multicast stuff...
First, is there a security concern from any of this?
If not, how do I drop it so my logs don't fill up and I can start submitting
again without the clutter?
The multicast stuff... easy to DROP, but the broadcast stuff comes to all
sorts of different ports (111, 520, 2222, 9999, 21789, etc) I've nmap back
to a couple of them and some are my ISP's routers, but others are windows
and Linux boxes.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the list