[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewall log messages

I did a little bit of research, and it appears to be a
known bug in some tcp stack or another. Nobody seems to
know exactly where it's comming from, but the feeling is
that it's not malicious. Check out the following link (and
it's follow up messages) for more info, as well as a fix of
sorts.

http://lists.samba.org/pipermail/samba/2000-September/024636.html

(BTW- Other messages on the subject seem to confirm that
it's basically a software bug in somebody else's computer).

On Thu, Apr 19, 2001 at 04:25:34PM -0400, Noah L. Meyerhans wrote:
> On Thu, Apr 19, 2001 at 03:21:14PM -0500, John Patton wrote:
> > Whoops... what was I thinking??? udp port 513 is the who
> > service, which could conceivably be used for malicious
> > purposes. None-the-less, silently denying messages not
> > intended for you will still solve that part of the problem.
> 
> Well, except for the fact that the message *originated* from him.  I
> suspect he installed rwhod without realizing (or is it rstatd?  I don't
> remember, having purged them long ago).  I almost made the same mistake
> that you did, not realizing at first that the packets originated on his
> machine.  Had that not been the case then ignoring the packets
> completely would make the most sense.

-- 
John Patton                      patton66@home.com
Get my GnuPG public key: finger john@24.22.215.225

"An egotist is a person of low taste- more interested
in himself than in me."  - Ambrose Bierce
Reply to: