Re: newbie iptables question
Phillip Hofmeister <firstname.lastname@example.org> wrote in message news:<2sWMo-4SLemail@example.com>...
> It is saying a rule matched. Doesn't say what you did with the packet
> though, just tells you about the packet. If you want to know what you
> did with it you would need to include a log-prefix in your iptables
> Here is what we know:
> Interface Traffic came IN on: ppp0
> The IP Address the traffic came from is: 188.8.131.52
> The IP Address it was destined to: 184.108.40.206
> The length of the packet was: 53 bytes
> The Type of Service flag was set to null (00)
> The SYN flag was set, this was a connection attempt
> The IP ID Field (for IP Fragmentation) was: 19155
> The layer 4 protocol was: TCP
> The layer 4 port was (source): 4346
> The layer 4 port destination was: 445
> The size of the TCP Window was: 16384 bytes
> Shorter version: Someone from 220.127.116.11 tried to connect to
> 18.104.22.168 (presumably you) on port 445 via interface ppp0. We cannot
> deduce what action was taken by your computer because you (or your
> IPTABLES Interface program) did not log this. It is for this reason I
> run my own IPTABLES script and edit it by hand (pretty
> masochistic....huh?). My guess is this packet was related to an
> automated attack (worm).
This is all great. I do want to thank you and Martin and S. Keeling
(esp.) and Bernd--you've all been very helpful.
Some of the information from this group has led me to a new study list!
-- look at Bastille
-- look at firehol and/or firestarter
-- re-read all the Debian security docs
Lists and newsgroups are the way to go!
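
Added example, not part of the original thread: a small parser that performs the field-by-field reading from the quoted reply on a netfilter LOG line and reports whether a log prefix records what the rule did. The sample lines, the documentation-range addresses and the `INPUT-DROP: ` prefix are constructed for illustration.

```python
import re

# Constructed sample lines in the netfilter LOG target's KEY=value format.
# Addresses are documentation ranges; "INPUT-DROP: " is a hypothetical prefix
# set with --log-prefix on a LOG rule placed just before the DROP rule.
SAMPLE_NO_PREFIX = (
    "Mar  3 10:15:02 host kernel: IN=ppp0 OUT= MAC= SRC=198.51.100.7 "
    "DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=19155 DF PROTO=TCP "
    "SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0"
)
SAMPLE_WITH_PREFIX = SAMPLE_NO_PREFIX.replace("kernel: IN=", "kernel: INPUT-DROP: IN=")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW"}

def parse_log_line(line):
    """Split one LOG line into its prefix, KEY=value fields and TCP flags."""
    # Anything between "kernel: " (plus optional uptime stamp) and "IN=" is the prefix.
    m = re.search(r"kernel: (?:\[[\d. ]+\] )?(.*?)IN=", line)
    if m is None:
        raise ValueError("not a netfilter LOG line")
    body = line[m.end() - len("IN="):]
    fields, flags = {}, []
    for token in body.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = int(value) if key in INT_FIELDS and value.isdigit() else value
        elif token in TCP_FLAGS:
            flags.append(token)
    return {"prefix": m.group(1).strip() or None, "fields": fields, "flags": flags}

def summarize(line):
    """One-line reading of the packet; the action is known only via the prefix."""
    p = parse_log_line(line)
    f = p["fields"]
    kind = "connection attempt" if p["flags"] == ["SYN"] else "packet"
    action = p["prefix"] or "action unknown (rule has no log prefix)"
    return (f"{f['PROTO']} {kind} {f['SRC']}:{f['SPT']} -> {f['DST']}:{f['DPT']} "
            f"in on {f['IN']}; {action}")

if __name__ == "__main__":
    print(summarize(SAMPLE_NO_PREFIX))
    print(summarize(SAMPLE_WITH_PREFIX))
```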