On Tue, 26 Aug 2003, Jeffrey Laramie wrote: > George, here is the log entry I got: > > Aug 26 15:39:46 NS2 kernel: Filter_INPUT: IN=eth1 OUT= > MAC=00:c0:f0:69:26:49:52:54:00:de:46:c7:08:00 SRC=172.144.233.136 > DST=192.168.0.24 LEN=73 TOS=0x10 PREC=0x00 TTL=128 ID=1755 PROTO=UDP > SPT=137 DPT=53 LEN=53 It looks to me that 172.144.233.136 is a nameserver, and 192.168.0.24 asked it for name resolution, and we're looking at its answer. However, at present, this machine is refusing connections to port 53, so it's possible that there used to be a virus on it that tried to use port 53 for some evil purpose. Suggestion: do a virus scan on 192.168.0.24. James F. Carter Voice 310 825 2897 FAX 310 206 6673 UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555 Email: jimc@xxxxxxxxxxxxx http://www.math.ucla.edu/~jimc (q.v. for PGP key)
