
Re: newbie iptables question



Phillip Hofmeister <plhofmei@antiochcomputerconsulting.com> wrote in message news:<2sWMo-4SL-7@gated-at.bofh.it>...
> It is saying a rule matched.  Doesn't say what you did with the packet
> though, just tells you about the packet.  If you want to know what you
> did with it you would need to include a log-prefix in your iptables
> scripts.
> 
> Here is what we know:
> 
> Interface Traffic came IN on: ppp0
> The IP Address the traffic came from is: 83.36.139.197
> The IP Address it was destined to: 12.65.24.43
> The length of the packet was: 53 bytes
> The Type of Service flag was set to null (00)
> The SYN flag was set, this was a connection attempt
> The IP ID Field (for IP Fragmentation) was: 19155
> The layer 4 protocol was: TCP
> The layer 4 port was (source): 4346
> The layer 4 port destination was: 445
> The size of the TCP Window was: 16384 bytes
> 
> Shorter version: Someone from 83.36.139.197 tried to connect to
> 12.65.24.43 (presumably you) on port 445 via interface ppp0.  We cannot
> deduce what action was taken by your computer because you (or your
> IPTABLES Interface program) did not log this.  It is for this reason I
> run my own IPTABLES script and edit it by hand (pretty
> masochistic....huh?).  My guess is this packet was related to an
> automated attack (worm).
> 

Phillip, 

This is all great. I do want to thank you and Martin and S. Keeling
(esp.) and Bernd--you've all been very helpful.

Some of the information from this group has led me to a new study list!
-- look at Bastille
-- look at firehol and/or firestarter
-- re-read all the Debian security docs

Lists and newsgroups are the way to go!

-- 
Wanda


