On Mon, 06/12/2004 at 17:54, ro0ot wrote:
> Hi,
>
> I get lots of tcp port 445 traffic when I do a tcpdump -n port 445,
> could it be an attack?
>
> I checked the syslog files at /var/log/syslog, and it shows this, as below:
>
> Dec 7 00:36:40 fw01 kernel: Neighbour table overflow.
> Dec 7 00:36:46 fw01 kernel: NET: 32 messages suppressed.
> Dec 7 00:36:46 fw01 kernel: Neighbour table overflow.
> Dec 7 00:36:51 fw01 kernel: NET: 27 messages suppressed.
> Dec 7 00:36:51 fw01 kernel: Neighbour table overflow.
> Dec 7 00:38:14 fw01 kernel: NET: 6 messages suppressed.
> Dec 7 00:38:14 fw01 kernel: Neighbour table overflow.
>
> When I try to ping my router IP address, I get this message below:
>
> connect: No buffer space available
>
> I did try running the commands below, and they do not seem to help much:
>
> iptables -I cus2jarwan -p tcp --dport 445 -j REJECT --reject-with tcp-reset
>
> or
>
> iptables -I cus2jarwan -p tcp --dport 445 -j DROP
>
> How can I stop this tcp port 445 traffic? Or how can I prevent it?
>
> Regards,
> ro0ot
>

I also receive tons of this kind of traffic, like anyone else, I suppose.
The way you stop them is correct; maybe you don't have the rule in the
correct chain, because it works OK for me.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
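
The reply's "correct chain" point can be checked mechanically. The following is an added example, not part of the original messages: it parses `iptables-save` style output and reports whether a user-defined chain holding the port 445 rule is ever jumped to from a built-in chain. The ruleset is constructed, and the `cus2other` chain and `eth1` interface are hypothetical.

```python
import shlex
from collections import defaultdict

BUILTIN = ("FORWARD", "INPUT", "OUTPUT")

# Constructed ruleset in iptables-save format (not the poster's real firewall).
# "cus2other" and "eth1" are hypothetical; "cus2jarwan" is the chain from the thread.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:cus2jarwan - [0:0]
:cus2other - [0:0]
-A FORWARD -i eth1 -j cus2other
-A cus2other -p tcp -m tcp --dport 25 -j ACCEPT
-A cus2jarwan -p tcp -m tcp --dport 445 -j DROP
COMMIT
"""

def parse_rules(text):
    """Map each chain to its rules as (target, tokens) from the -A lines."""
    rules = defaultdict(list)
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == "-A":
            flag = "-j" if "-j" in tok else "-g" if "-g" in tok else None
            target = tok[tok.index(flag) + 1] if flag else None
            rules[tok[1]].append((target, tok))
    return rules

def reachable_from(rules, chain):
    """Built-in chains whose jumps (direct or nested) lead into `chain`."""
    hits = []
    for start in BUILTIN:
        seen, stack = set(), [start]
        while stack:
            cur = stack.pop()
            if cur not in seen:
                seen.add(cur)
                stack.extend(t for t, _ in rules.get(cur, []) if t)
        if chain in seen:
            hits.append(start)
    return hits

def blocks_port(rules, chain, port):
    """True if `chain` holds a DROP/REJECT rule for tcp --dport `port`."""
    return any(t in ("DROP", "REJECT") and "--dport" in tok
               and tok[tok.index("--dport") + 1] == str(port)
               for t, tok in rules.get(chain, []))

if __name__ == "__main__":
    r = parse_rules(SAMPLE)
    print("rule present:", blocks_port(r, "cus2jarwan", 445))
    print("reached from:", reachable_from(r, "cus2jarwan") or "no built-in chain")
```

In the constructed ruleset the DROP rule exists but no built-in chain jumps to `cus2jarwan`, so packets never traverse it.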