Koozali.org: home of the SME Server

Topic started by: Jack McCauley on March 28, 2001, 10:49:25 PM

Title: Odd messages entries
Post by: Jack McCauley on March 28, 2001, 10:49:25 PM
For the past two days, I have been seeing some odd entries in the messages file of our e-smith 4.1.1 server.  This server is acting as our firewall, so I watch the messages log pretty closely.  The messages I am seeing look like this:

Mar 28 12:48:05 mfsi1267 kernel: Packet log: denylog DENY eth0 PROTO=17 192.168.2.6:137 192.168.2.255:137 L=96 S=0x00 I=0 F=0x0000 T=128 (#1)
Mar 28 12:48:05 mfsi1267 kernel: Packet log: denylog DENY eth0 PROTO=17 192.168.2.6:137 192.168.2.255:137 L=96 S=0x00 I=1 F=0x0000 T=128 (#1)
Mar 28 12:48:05 mfsi1267 kernel: Packet log: denylog DENY eth0 PROTO=17 192.168.2.6:137 192.168.2.255:137 L=96 S=0x00 I=2 F=0x0000 T=128 (#1)

There are sometimes only a few, and sometimes lots of these messages.  Our internal network is 192.168.1.0, and eth0 is the inward looking interface. None of the machines I have configured are on the 192.168.1.0 subnet, and almost all of these machines are configured to get their IP address assignments via DHCP.  I don't really know how to decode these entries well enough to figure out what is happening, but I know I didn't assign this address.  Any help would be appreciated.

Title: Re: Odd messages entries
Post by: Charlie Brady on March 28, 2001, 11:14:36 PM
Jack McCauley wrote:

> Mar 28 12:48:05 mfsi1267 kernel: Packet log: denylog DENY
> eth0 PROTO=17 192.168.2.6:137 192.168.2.255:137 L=96 S=0x00
> I=2 F=0x0000 T=128 (#1)

That's a Windows machine doing NetBIOS name resolution.

> Our internal network is 192.168.1.0, and eth0 is
> the inward looking interface. None of the machines I have
> configured are on the 192.168.1.0 subnet,

I assume that you mean the 192.168.2.0 subnet. If you didn't configure a machine to that address, then someone else did.

Charlie
Title: Re: Odd messages entries
Post by: Jack McCauley on March 28, 2001, 11:20:24 PM
Is there any way to determine which machine is configured to the 192.168.2.0 subnet?  Is there a source of information that would allow me to decode these entries?
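
A decoder for the "Packet log" lines quoted in this thread, as an added example that is not part of the original posts. It assumes the lines are in the Linux 2.2 ipchains packet-log layout (chain, target, interface, protocol number, source, destination, then L= length, S= type of service, I= IP ID, F= fragment field, T= TTL and the rule number) and that the internal network is a /24; the function name and the off_lan flag are introduced here.

```python
import ipaddress
import re

# One of the lines quoted in the thread, used as sample input.
SAMPLE = ("Mar 28 12:48:05 mfsi1267 kernel: Packet log: denylog DENY eth0 "
          "PROTO=17 192.168.2.6:137 192.168.2.255:137 "
          "L=96 S=0x00 I=2 F=0x0000 T=128 (#1)")

# Assumption: the internal network is a /24 (the thread gives only 192.168.1.0).
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers
SERVICES = {("udp", 137): "netbios-ns", ("udp", 138): "netbios-dgm",
            ("tcp", 139): "netbios-ssn", ("udp", 53): "domain"}

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?:.*\(#(?P<rule>\d+)\))?")


def decode(line):
    """Return the fields of one packet-log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto = PROTOCOLS.get(int(m["proto"]), m["proto"])
    frag = int(m["frag"], 16)
    return {
        "chain": m["chain"], "target": m["target"], "iface": m["iface"],
        "proto": proto,
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "service": SERVICES.get((proto, int(m["dport"])), "unknown"),
        "length": int(m["length"]),              # L= total packet length in bytes
        "tos": int(m["tos"], 16),                # S= type of service
        "ip_id": int(m["ip_id"]),                # I= IP identification field
        "dont_fragment": bool(frag & 0x4000),    # F= flag bits plus fragment offset
        "frag_offset": frag & 0x1FFF,
        "ttl": int(m["ttl"]),                    # T= time to live
        "rule": int(m["rule"]) if m["rule"] else None,  # (#n) rule that logged it
        # True when the sender's address is outside the configured LAN.
        "off_lan": ipaddress.ip_address(m["src"]) not in INTERNAL_NET,
    }


if __name__ == "__main__":
    for key, value in decode(SAMPLE).items():
        print(f"{key:14} {value}")
```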