[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?
- Subject: Re: [cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?
- From: "Dan" <daniel@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 1 May 2001 18:47:43 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Sorry, popped out - there are 3 ip's in there at a quick glance - what does
this actually do?
Dan
----- Original Message -----
From: Gerald Waugh <sales@xxxxxxxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, May 01, 2001 5:00 PM
Subject: Re: [cobalt-security] Why does PortSentry continue to log ports 137
and 138 even though I've told it not to?
> Dan <daniel@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
>
>
> > Can anyone help?
> >
> > I recently installed the UK2net firewall as a test to see
> if it would work
> > on my Raq 3 (I'm not with UK2Net but the configuration of
> the firewall
> > seemed fairly easy to adapt). Prior to this I had
> Portsentry and Logcheck
> > running fine. Since installing the firewall and it seeming
> to work, I have
> > been repeatedly swamped with logs relating to ports 137
> and 138 from
> > machines on the local network. Even if I turn the firewall
> off (as it is
> > now) the logs keep coming through e.g.
> >
> > May 1 15:01:20 kernel: Packet log: input DENY eth0
> PROTO=17
> > 195.224.212.76:137 195.224.212.255:137 L=78 S=0x00 I=45852
> F=0x0000 T=64
> > (#27)
> > May 1 15:01:38 kernel: Packet log: input DENY eth0
> PROTO=17
> > 195.224.15.27:137 195.224.15.255:137 L=78 S=0x00 I=25559
> F=0x0000 T=128
> > (#45)
> >
> <SNIP>
> Have you looked at the routing table? "route"
> Gerald
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>