On 07/07/08 16:57, Simon wrote:
I'm getting a lot of the below messages - sometimes bursts of a hundred
or more, but usually just one or two here and there - in my logs:
Jul 7 17:52:46 myhost IPTABLES-IN Default Drop: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:08:9b:ac:c3:41:08:00 SRC=192.168.1.75
DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
SPT=137 DPT=137 LEN=58
These are NetBIOS Name Service packets. These packets are from Windows
computers (or any computer using Windows networking) looking for other
computers on the network.
I'm guessing it is something to do with IPv6.? But all I really want to
know is why are they being blocked and/or how can I stop seeing these in
my logs?
Nope, these have nothing to do with IPv6. The particular above packet
came from the computer at 192.168.1.75 when it was trying to find out
what was on the network. It sent this packet as a broadcast to the
network, thus requesting that all systems on the network speaking
NetBIOS respond so that it could learn something, or argue about
something (browse master election...).
With out knowing what you have in your firewall I can not even begin to
tell you how to not get them in your logs. It looks like (based on the
"IPTABLES-IN Default Drop") that this is a catch all rule that drops any
thing that has not explicitly been previously allowed.
Grant. . . .
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
