[Firehol-support] Re: DHCP Log Messages - Please HELP!
Daniel Pittman
daniel at rimspace.net
Thu Aug 25 01:57:21 BST 2005
cougar <c0ugar7i8 at comcast.net> writes:
> On Aug 24, 2005, at 02:22 AM, Daniel Pittman wrote:
>> cougar <c0ugar7i8 at comcast.net> writes:
>>> On Aug 23, 2005, at 23:43 PM, Daniel Pittman wrote:
>>>> cougar <c0ugar7i8 at comcast.net> writes:
>>>>>> cougar <c0ugar7i8 at comcast.net> writes:
[...]
> Now I get messages like this...
Have you actually tried researching what those are yourself?
Just in case, here is a quick primer on how to do it:
> Aug 24 13:37:10 mercury IN-world: IN=eth1 OUT= MAC= SRC=68.45.214.101
> DST=68.45.215.255 LEN=236 TOS=00 PREC=0x00 TTL=64 ID=230 DF PROTO=UDP
> SPT=138 DPT=138 LEN=216
The 'SPT' and 'DPT' tell you which ports are involved.
Usually, only the 'DPT' is meaningful, since the SPT is randomly
assigned somewhere up in the 32,000+ range.
Anyway, take the DPT number (138, in this case) and search the
/etc/services file for it:
] egrep '\<138/' /etc/services
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
Then, apply Google to the protocol in question, to find out what it is
and if you should care.
Hint: this is someone broadcasting a Windows networking packet.
[...]
> And of course, I get this when trying to do a dns search...
>
> host 221.208.208.194
> Host 194.208.208.221.in-addr.arpa not found: 3(NXDOMAIN)
The suggested changes to the firewall shouldn't have caused name
resolution to fail. Take a look at your resolver setup, etc.
Daniel
More information about the Firehol-support
mailing list