Looks like netbios/windows sharing traffic to me. Turn your other PC's off and/or disable NetBIOS / filesharing and see if it persists. -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Lukasz Hejnak Sent: Monday, April 18, 2005 12:23 PM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Strange broadcasts Hi I've started receiving some strange broadcast information on my firewall it starts in the logs around ten days ago and looks like this: INPUT:IN=eth0 OUT= MAC= SRC=192.168.10.1 DST=192.168.10.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=220 INPUT:IN=eth0 OUT= MAC= SRC=192.168.10.1 DST=192.168.10.255 LEN=234 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=214 INPUT:IN=eth1 OUT= MAC= SRC=$MYEXTIP DST=$MYEXTNET.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=220 INPUT:IN=eth1 OUT= MAC= SRC=$MYEXTIP DST=$MYEXTNET.255 LEN=234 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=214 INPUT:IN=eth2 OUT= MAC= SRC=192.168.11.1 DST=192.168.11.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=220 INPUT:IN=eth2 OUT= MAC= SRC=192.168.11.1 DST=192.168.11.255 LEN=234 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=214 a few first occurences had SPT and DPT 137, and now it looks like the above happens about every 12 minutes, and I can't seem to see what's causing this the server is running only apache and exim the eth1 is the internet, eth{0,2} are just two connections to two PCs I've got at home (had a spare nic and no cash for a hub ;) anybody had a similar case? -- with regards Lukasz Hejnak szift@xxxxx
