--- Re=E7u de VITEUR.BUNTERMA 04 72 96 57 77 08/10/02 14= .54 Date: Tue, 8 Oct 2002 07:15:23 -0500 Subject: Presentation >Hello to everyone. Hello. >This is my first post in this list and let me introduce myself. >My name is Joaquin Durand. I've installed a PC with RedHat 7.2 in order >to experiment and learn a little. I have little experience with unix >systems. >So far everything is OK with my RedHat server, I successfully installed >IP Masquerade following the instructions in the "Linux IP Masquerade >HOWTO" and I'm sharing my DSL with a Mac and a Windows PC. Now read the IPTABLES HOWTO - v.important >Since then, I'm getting constantly these in the messages log: >Oct 7 20:59:16 Linolio kernel: IN=3Dppp0 OUT=3D MAC=3D SRC=3D64.172.12= 0.252 >DST=3D200.67.218.219 LEN=3D78 TOS=3D0x00 PREC=3D0x00 TTL=3D113 ID=3D509= 88 PROTO=3DUDP >SPT=3D1025 DPT=3D137 LEN=3D58 Destination port, DPT is 137 and its UDP. From http://www.iana.org/assignments/port-numbers netbios-ns 137/tcp NETBIOS Name Service netbios-ns 137/udp NETBIOS Name Service netbios-dgm 138/tcp NETBIOS Datagram Service netbios-dgm 138/udp NETBIOS Datagram Service netbios-ssn 139/tcp NETBIOS Session Service netbios-ssn 139/udp NETBIOS Session Service >The origin IP changes all the time. I'm a little worried about the >security of my server. It seems that somebody is trying to get access >through the web server but using Windows commands :-D (hahaha) >But my concern is about the messages log, I don't know how to interpret >the log and I'm afraid that someone is trying to brake in. >Could somebody guide me and tell me what to do in order to make sure my >server is secure? >Thank you very much. >- Joaquin! After reading the IPTABLES HOWTO, set a rule (or rules) to drop anything to your machine that you haven't initiated. Do a Google on RH7.2 +securing and you'll get a load of sites. Rgs, Matt ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ---- 08/10/02 14.54 ---- Envoy=E9 =E0 -----------------------------= ----- -> SECURITY-DISCUSS(a)LINUXSECURITY.COM ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
