Koozali.org: home of the SME Server

Messages Log extract - what does it mean?

paul_NZ
Messages Log extract - what does it mean?
« on: May 21, 2005, 11:14:18 PM »
I'm posting an extract from my Message Log and ask if someone can tell me what it is really telling me as the log contains heaps of similar entries.

May 22 08:47:38 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.41.210.7 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=9180 DF PROTO=TCP SPT=4558 DPT=445 WINDOW=65044 RES=0x00 SYN URGP=0
May 22 08:47:41 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.41.210.7 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=9993 DF PROTO=TCP SPT=4558 DPT=445 WINDOW=65044 RES=0x00 SYN URGP=0
May 22 08:53:33 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.150.25 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=31028 DF PROTO=TCP SPT=3008 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 22 08:53:36 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.150.25 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=31254 DF PROTO=TCP SPT=3008 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 22 08:55:43 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.145.200 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=19116 DF PROTO=TCP SPT=4258 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=52234
May 22 08:55:46 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.145.200 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=19453 DF PROTO=TCP SPT=4258 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
May 22 08:56:09 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.147.200 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=62747 DF PROTO=TCP SPT=3932 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 22 09:04:16 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.138.69 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=64183 DF PROTO=TCP SPT=2487 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
May 22 09:04:19 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.138.69 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=64430 DF PROTO=TCP SPT=2487 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
May 22 09:06:49 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.138.69 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=10599 DF PROTO=TCP SPT=2718 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
May 22 09:06:52 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.138.69 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=10828 DF PROTO=TCP SPT=2718 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0

Thanks in advance

chris burnat
Messages Log extract - what does it mean?
« Reply #1 on: May 22, 2005, 02:12:06 AM »
It means your firewall is doing its job, do not worry about it.  If you are sick and tired watching these entries, you can issue the following command from the prompt when logged in as root:

/sbin/e-smith/db configuration setprop masq Logging none
followed by:
/sbin/e-smith/signal-event remoteaccess-update
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

paul_NZ
Messages Log extract - what does it mean?
« Reply #2 on: May 22, 2005, 02:19:50 AM »
Quote from: "burnat"
It means your firewall is doing its job, do not worry about it.  If you are sick and tired watching these entries, you can issue the following command from the prompt when logged in as root:

/sbin/e-smith/db configuration setprop masq Logging none
followed by:
/sbin/e-smith/signal-event remoteaccess-update


Thank you Burnat ... I thought this might have been the case but I did need an 'expert' to confirm for me.

I'll leave the logging on for a bit but I noted your commands for possible use.

chris burnat
Messages Log extract - what does it mean?
« Reply #3 on: May 22, 2005, 03:04:47 AM »
Paul, I am no expert believe me, just struggling...  Note that there is an enormous amount of knowledge on the site accessible by doing a search on words of interest... When you do, ensure that you click "show all results"
- chris

cc_skavenger

Re: Messages Log extract - what does it mean?
« Reply #4 on: May 22, 2005, 08:41:23 AM »
Quote from: "paul_NZ"
May 22 08:47:38 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.41.210.7 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=9180 DF PROTO=TCP SPT=4558 DPT=445 WINDOW=65044 RES=0x00 SYN URGP=0


SRC=60.41.210.7  - Originating IP
DST=192.168.0.22  - Lan IP that packets were destined for
PROTO=TCP  - Protocol used
SPT=4558   -  Source Port
DPT=445  - Destination Port

This looks like a WinNT based box that has a virus and the virus is doing a scan to find another NT based box to infect.  FWIW, Port 445 is the new Netbios port; it took over for ports 135 - 139.

HTH
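The field-by-field reading above, turned into a small parser as an added example (not code from the original thread or from SME Server): it splits each kernel `denylog` line into the syslog prefix, the KEY=VALUE packet fields and the bare flag tokens (DF, SYN), prints the same plain-language reading cc_skavenger gives, and then counts denied TCP packets per source and destination port so you can tell a single source retrying port 445 every three seconds (a normal SYN retransmit) from a wider sweep. The embedded log lines are the ones Paul posted; the function names and the two-hit threshold are my own choices.

```python
import re
from collections import Counter

# The denylog lines posted earlier in this thread, used here as sample input.
SAMPLE_LOG = """\
May 22 08:47:38 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.41.210.7 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=9180 DF PROTO=TCP SPT=4558 DPT=445 WINDOW=65044 RES=0x00 SYN URGP=0
May 22 08:47:41 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.41.210.7 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=9993 DF PROTO=TCP SPT=4558 DPT=445 WINDOW=65044 RES=0x00 SYN URGP=0
May 22 08:53:33 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.150.25 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=31028 DF PROTO=TCP SPT=3008 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 22 08:53:36 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.150.25 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=31254 DF PROTO=TCP SPT=3008 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 22 08:56:09 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.147.200 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=62747 DF PROTO=TCP SPT=3932 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 22 09:04:16 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.138.69 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=64183 DF PROTO=TCP SPT=2487 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
May 22 09:04:19 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.138.69 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=64430 DF PROTO=TCP SPT=2487 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
May 22 09:06:49 mrc01 kernel: denylog:IN=eth1 OUT= MAC=00:e0:7d:dd:41:02:00:a0:c5:4f:b8:b1:08:00 SRC=60.234.138.69 DST=192.168.0.22 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=10599 DF PROTO=TCP SPT=2718 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# Syslog prefix (timestamp, host, "kernel:"), then the iptables LOG prefix
# ("denylog"), then the packet fields as KEY=VALUE tokens plus bare flag
# tokens such as DF and SYN.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) kernel: (?P<prefix>[^:]+):(?P<rest>.*)$"
)


def parse_denylog(line):
    """Return a dict of the fields in one iptables LOG line, or None if it
    is not such a line."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    rec = {"timestamp": m.group("ts"), "host": m.group("host"),
           "prefix": m.group("prefix"), "flags": []}
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)   # "OUT=" yields an empty value
            rec[key] = value
        else:
            rec["flags"].append(token)         # DF, SYN, ACK, ...
    return rec


def explain(rec):
    """One-line reading of a parsed record, in the form cc_skavenger gives."""
    tcp_flags = " ".join(f for f in rec["flags"] if f in ("SYN", "ACK", "FIN", "RST"))
    return (f"{rec['PROTO']} {tcp_flags} from {rec['SRC']}:{rec['SPT']} "
            f"to {rec['DST']}:{rec['DPT']} denied on {rec['IN']} (TTL {rec['TTL']})")


def count_by_source_and_port(log_text):
    """Count denied TCP packets per (source IP, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_denylog(line)
        if rec and rec.get("PROTO") == "TCP":
            counts[(rec["SRC"], int(rec["DPT"]))] += 1
    return counts


def repeat_sources(log_text, port, min_hits=2):
    """Sources that hit `port` at least min_hits times. The pairs three
    seconds apart in the thread are ordinary SYN retransmits from one host;
    many distinct sources on one port is what a sweep looks like."""
    counts = count_by_source_and_port(log_text)
    return sorted(src for (src, dpt), n in counts.items()
                  if dpt == port and n >= min_hits)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(explain(parse_denylog(line)))
    print("sources hitting 445 more than once:", repeat_sources(SAMPLE_LOG, 445))
```

On an SME Server box the same functions can be run over `/var/log/messages` directly; lines that are not iptables LOG output are skipped because `parse_denylog` returns None for them.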