[NTLUG:Discuss] annoying log entry
Philip Stetz
philip_stetz at yahoo.com
Sun Jan 18 13:18:15 CST 2004
The following entry appears quite frequently in my
logs and I was hoping someone could help explain why
it's there.
Jan 18 08:50:22 linux kernel: SuSE-FW-ILLEGAL-TARGET
IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:04:76:4b:e8:e7:08:00
SRC=192.168.2.38 DST=192.168.2.255 LEN=78 TOS=0x00
PREC=0x00 TTL=128 ID=18325 PROTO=UDP SPT=137 DPT=137
LEN=58
I have a SMC Barricade with a linux and windows box
connected to it. The firewall sits on my linux box,
which runs SuSE. It looks like the windows box
(192.168.2.38) is sending out a broadcast looking for
NETBIOS Name Service.
But why does the firewall care? I'm not running any
type of special service:
Starting nmap 3.30 ( http://www.insecure.org/nmap/ )
at 2004-01-18 12:53 CST
Interesting ports on 192.168.2.37:
(The 1643 ports scanned but not shown below are in
state: closed)
Port State Service
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned
in 0.756 seconds
And here's a couple entries from
/etc/sysconfig/SuSEfirewall2:
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
Any thoughts?
__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus
More information about the Discuss
mailing list