[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?
- Subject: Re: [cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Tue, 1 May 2001 12:04:35 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Dan <daniel@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
> Can anyone help?
>
> I recently installed the UK2net firewall as a test to see
if it would work
> on my Raq 3 (I'm not with UK2Net but the configuration of
the firewall
> seemed fairly easy to adapt). Prior to this I had
Portsentry and Logcheck
> running fine. Since installing the firewall and it seeming
to work, I have
> been repeatedly swamped with logs relating to ports 137
and 138 from
> machines on the local network. Even if I turn the firewall
off (as it is
> now) the logs keep coming through e.g.
>
> May 1 15:01:20 kernel: Packet log: input DENY eth0
PROTO=17
> 195.224.212.76:137 195.224.212.255:137 L=78 S=0x00 I=45852
F=0x0000 T=64
> (#27)
> May 1 15:01:38 kernel: Packet log: input DENY eth0
PROTO=17
> 195.224.15.27:137 195.224.15.255:137 L=78 S=0x00 I=25559
F=0x0000 T=128
> (#45)
<SNIP>
Just a suggestion; look at the routing table 'route'
and delete the entries that are troubling you.
Gerald