Syslog Error Messages
Friends,
I'm running stable and I have portsentry, firestarter, chkrootkit and
logcheck installed on my machine. Whilst checking my logs I see loads of
these entries:-
Feb 6 15:05:10 kingston kernel: IN=eth0 OUT= MAC= SRC=100.100.100.100
DST=100.100.100.255 LEN=273 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
SPT=138 DPT=138 LEN=253
As you can see I've changed the IP addresses (to protect the innocent). The
interesting thing is that the SRC address is my IP and the DST appears to be
a broadcast address .255 (is that right?). What is it that my machine wants
to broadcast to the network? Also I find loads of these:-
Feb 6 15:30:15 kingston kernel: IN=eth0 OUT=
MAC=00:40:7b:6e:61:3b:00:30:94:9c:aa:a8:08:00 SRC=193.38.113.34 DST=<MY IPP>
LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=52382 DF PROTO=TCP SPT=43030 DPT=25
WINDOW=5840 RES=0x00 SYN URGP=0
How do I interpret this? I believe it is the usual dipstick (idiot) of a
portscanner. What do the last few fields mean (window, res, syn, urgp)?
Have I been Bill Clinton'd (compromised)?
I've run chkrootkit and it says everything is OK. I have googled and found
similar information but they were against ports 137/138 which is NetBIOS
(IIRC). Your guidance is gratefully received.
regards
Leo
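As an added example (not part of Leo's mail or any project's code), here is a small Python parser for the two netfilter LOG lines quoted above: it splits the KEY=value fields from the bare flag tokens and labels the local UDP/138 subnet broadcast and the inbound TCP SYN to port 25 separately. The 100.100.100.0/24 network and the address substituted for <MY IPP> are assumptions.

```python
import ipaddress

# Constructed copies of the two kernel log entries quoted in the post, re-joined
# onto single lines (the mail wrapped them); "<MY IPP>" is replaced by an assumed
# local address 100.100.100.100 on an assumed 100.100.100.0/24 network.
SAMPLE_LOGS = [
    "Feb 6 15:05:10 kingston kernel: IN=eth0 OUT= MAC= SRC=100.100.100.100 "
    "DST=100.100.100.255 LEN=273 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP "
    "SPT=138 DPT=138 LEN=253",
    "Feb 6 15:30:15 kingston kernel: IN=eth0 OUT= "
    "MAC=00:40:7b:6e:61:3b:00:30:94:9c:aa:a8:08:00 SRC=193.38.113.34 "
    "DST=100.100.100.100 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=52382 DF "
    "PROTO=TCP SPT=43030 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0",
]
LOCAL_NET = ipaddress.ip_network("100.100.100.0/24")  # assumed local subnet

def parse_netfilter_log(line):
    """Split a netfilter LOG entry into KEY=value fields plus a set of bare flags.
    Bare tokens are IP/TCP flags (DF, SYN, ACK, ...). For TCP, WINDOW is the
    receive window, RES the reserved header bits and URGP the urgent pointer.
    LEN appears twice on UDP lines: IP total length first, then UDP length."""
    body = line.split("kernel: ", 1)[1]
    rec, flags = {}, set()
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if not sep:
            flags.add(key)
        elif key in rec:
            rec["L4_" + key] = val   # second LEN: the UDP header's length field
        else:
            rec[key] = val
    rec["flags"] = flags
    return rec

def classify(rec, local_net=LOCAL_NET):
    """Describe one parsed entry from a defender's point of view."""
    src, dst = ipaddress.ip_address(rec["SRC"]), ipaddress.ip_address(rec["DST"])
    if rec["PROTO"] == "UDP" and dst == local_net.broadcast_address and rec["DPT"] == "138":
        return f"netbios-dgm broadcast from local host {src} to the subnet broadcast address"
    if rec["PROTO"] == "TCP" and "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        origin = "local" if src in local_net else "external"
        return f"inbound TCP SYN (new connection attempt) from {origin} host {src} to port {rec['DPT']}"
    return "other traffic"

def analyse(lines=SAMPLE_LOGS, local_net=LOCAL_NET):
    return [classify(parse_netfilter_log(l), local_net) for l in lines]

if __name__ == "__main__":
    for verdict in analyse():
        print(verdict)
```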