I have been gone for a month and notice that I am now getting packets for port 901 (Samba Swat) from all over the world (see sample of packets below). I run Samba and Samba Swat, but it is only enabled for the internal addresses. Hence, all of the below packets end up being rejected and show up in my rejected logs.
Has the world released a new worm or virus that attacks port 901? Thanks, Mike. Rejected port 901 packets: Jun 8 13:01:18 www kernel: IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=67.201.86.3 DST=192.168.1.95 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=37278 DF PROTO=TCP SPT=4791 DPT=901 WINDOW=8760 RES=0x00 SYN URGP=0 Jun 8 14:04:50 www kernel: IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=66.76.204.40 DST=192.168.1.95 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=50514 DF PROTO=TCP SPT=4303 DPT=901 WINDOW=16384 RES=0x00 SYN URGP=0 Jun 8 14:05:46 www kernel: IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=68.11.36.236 DST=192.168.1.95 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=63902 DF PROTO=TCP SPT=4256 DPT=901 WINDOW=16384 RES=0x00 SYN URGP=0 ... Jun 8 16:42:24 www kernel: IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=217.84.218.4 DST=192.168.1.95 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=46664 DF PROTO=TCP SPT=2260 DPT=901 WINDOW=32767 RES=0x00 SYN URGP=0 Jun 8 16:55:40 www kernel: IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=24.188.190.53 DST=192.168.1.95 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=56747 DF PROTO=TCP SPT=1033 DPT=901 WINDOW=16384 RES=0x00 SYN URGP=0 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
