Re: [SLUG] DPT=139

From: Derek Glidden (dglidden@illusionary.com)
Date: Tue Aug 14 2001 - 10:54:26 EDT


Doug Koobs wrote:
>
> Hello,
>
> I am getting many entries in /var/log/messages like the following:
>
> Aug 13 18:02:51 dkoobs kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:e0:18:90:62:63:00:01:42:2f:bf:70:08:00 SRC=65.34.51.97
> DST=65.34.56.199 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=43624 DF PROTO=TCP
> SPT=21074 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0
>
> The DPT=139 is what interests me. I am just curious as to what is going on.
> I am getting these from multiple IP addresses, some not on the same subnet,
> although most are. I assume that someone is trying to access a Windows
> share? Anyone think RR will take any action if I report it?
>
> Also, I have been running this firewall for quite some time, and have not
> had very many of these entries in the past. They seem to have exploded
> today... Anyone else noticed? Thanks,

It's probably related to the CodeRed stuff. Most Windows boxes, when
they try to connect to another machine, no matter what that machine is,
I've noticed, will start noodling around the various NetBIOS ports on
that box. It's just something Windows does.

It's a great way to see who else is on the network with you though, and
sniff around for open shares and whatnot. It's also wonderful evidence
of the extremely crappy security model of Windows.

RR won't care. In fact, if you report it, they'll probably shut YOU
down for allegedly "attacking" other computers. (I mean, how else would
you KNOW there were people doing NetBIOS connects to your machine unless
you were running some kind of virus server or something....)

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \ | extract_mpeg2 | mpeg2dec -

http://www.eff.org/ http://www.opendvd.org/ http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
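The thread turns on one question a firewall admin has to answer from lines like the one Doug quoted: is the DPT=139 noise a handful of neighbouring Windows boxes doing their usual NetBIOS browsing, or something broader worth tracking? The script below is an added example, not code from either poster. It parses the Shorewall/netfilter log format shown in the post into key/value fields, keeps only TCP SYNs to the NetBIOS ports, and tallies them per source, split by whether the source sits in the local subnet. The sample log lines are constructed (the first is Doug's, the rest are made up), and the `65.34.56.0/24` local network is an assumption drawn from the DST address in his line.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the netfilter/Shorewall format from the post.
# The first line is the one quoted in the thread; the others are made up.
SAMPLE_LOG = """\
Aug 13 18:02:51 dkoobs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:e0:18:90:62:63:00:01:42:2f:bf:70:08:00 SRC=65.34.51.97 DST=65.34.56.199 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=43624 DF PROTO=TCP SPT=21074 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 13 18:03:10 dkoobs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:e0:18:90:62:63:00:01:42:2f:bf:70:08:00 SRC=65.34.56.12 DST=65.34.56.199 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1 DF PROTO=TCP SPT=1025 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 13 18:03:11 dkoobs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:e0:18:90:62:63:00:01:42:2f:bf:70:08:00 SRC=65.34.56.12 DST=65.34.56.199 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2 DF PROTO=TCP SPT=1026 DPT=137 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 13 18:05:42 dkoobs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:e0:18:90:62:63:00:01:42:2f:bf:70:08:00 SRC=65.34.51.97 DST=65.34.56.199 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=43700 DF PROTO=TCP SPT=21090 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 13 18:06:00 dkoobs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:e0:18:90:62:63:00:01:42:2f:bf:70:08:00 SRC=203.0.113.5 DST=65.34.56.199 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=100 DF PROTO=TCP SPT=4444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# NetBIOS name service, datagram service and session service.
NETBIOS_PORTS = {137, 138, 139}

# Shorewall prefixes netfilter's key=value dump with "Shorewall:<chain>:<action>:".
LINE_RE = re.compile(
    r"kernel: Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):(?P<fields>.*)$"
)


def parse_line(line):
    """Turn one Shorewall log line into a dict; return None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "action": m.group("action"), "flags": set()}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value, which is fine
            rec[key] = value
        else:
            rec["flags"].add(tok)            # bare tokens such as DF, SYN, ACK
    return rec


def summarize(log_text, local_net):
    """Count TCP SYNs to NetBIOS ports per source, split by local vs. remote subnet.

    local_net is an assumption the caller supplies, e.g. the /24 of the DST address.
    """
    net = ipaddress.ip_network(local_net)
    per_src = Counter()
    by_port = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec.get("PROTO") != "TCP":
            continue
        dport = int(rec.get("DPT", 0))
        if "SYN" not in rec["flags"] or dport not in NETBIOS_PORTS:
            continue
        per_src[rec["SRC"]] += 1
        by_port[dport] += 1
    same = {s: n for s, n in per_src.items() if ipaddress.ip_address(s) in net}
    other = {s: n for s, n in per_src.items() if ipaddress.ip_address(s) not in net}
    return {"by_port": dict(by_port), "same_subnet": same, "other_subnet": other}


if __name__ == "__main__":
    # Local subnet assumed from the DST address in the quoted line.
    report = summarize(SAMPLE_LOG, "65.34.56.0/24")
    print("hits by destination port:", report["by_port"])
    print("sources on the local subnet:", report["same_subnet"])
    print("sources elsewhere:", report["other_subnet"])
```

Run it against a real `/var/log/messages` by passing the file contents to `summarize()`; the split between local and remote sources is the part that matters for the decision in the thread, since a few neighbours on the same cable segment browsing for shares looks very different from the same port being hit from many unrelated networks.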



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:20:22 EDT