Re: Strange net problem (MAC-adress?)
* Antony Gelberg (antony@antgel.co.uk) wrote:
> On Sun, Aug 10, 2003 at 08:16:38PM +0200, ZekeVarg wrote:
> > When I log out from X to install nvidia-driver I get a very strange
> > problem,this lines keep appering over and over again:
> >
> > IN=eth0 OUT= MAC= SRC="my ipnumber" DST="my ipnumber" LEN=140 T OS=0x00
> > PREC=0x00 TIL=64 ID=0 DF PROTO=UDP SPT=138 DTP=138 LEN=257
> >
> > Could it have something to do with the lokkit firewall setup?
> > Running a consol under X is no problem.
> > --
> > ZekeVarg <ZekeVarg@linux.se>
>
> It's an iptables output message, so it is firewall-related. I think
> port 138 is a Microsoft Networking thing. Do you have Samba installed?
> Anyway, probably nothing to worry about.
Something make me trouble in this line.
In fact, samba seem to be installed.
This looks like an attack : a cracker spoof the target with it's own ip
(ip src and dst are target's ip),
and send a request to the well known ip ports of windows(r)(c)(tm)(...)
sharing system. And the target system answer... to itself and make
recursive answers. The goal : lock the remote system.
But you are protected for this attack because netfilter (iptables is just
a configuration tool who talk to netfilter) had locked this kind of
connection.
Sorry for my very bad english level, but I hope I had help you to
clearify the situation.
Reply to: