Hello,
I am getting many entries in /var/log/messages like the following:
Aug 13 18:02:51 dkoobs kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:e0:18:90:62:63:00:01:42:2f:bf:70:08:00 SRC=65.34.51.97
DST=65.34.56.199 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=43624 DF PROTO=TCP
SPT=21074 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0
The DPT=139 is what interests me. I am just curious as to what is going on.
I am getting these from multiple IP addresses, some not on the same subnet,
although most are. I assume that someone is trying to access a Windows
share? Anyone think RR will take any action if I report it?
Also, I have been running this firewall for quite some time, and have not
had very many of these entries in the past. They seem to have exploded
today... Anyone else noticed? Thanks,
Doug
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:17:33 EDT