> recently i have been seeing a lot of strange messages in my log files.
>
> shoul i be worried that there are entries like the one below or is this
> typical tcp/ip behavior?
>
> Packet log: input REJECT eth1 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328
> S=0x00 I=0 F=0x0000 T=128 (#25)
[snip]
This DHCP stuff. Your ISP probably assigns IP addresses (permanently or
dynamically) with this. If you are having trouble with your DHCP, then this
is at least part of your problem.
> also is it typical for a webserver to try and scan your netbios port?
No.
> Packet log: input REJECT eth1 PROTO=6 209.27.59.52:3375 138.89.13.118:139
> L=44 S=0x00 I=29764 F=0x4000 T=16 SYN (#24)
Someone is trying to connect (notice the SYN) to your netbios services (if
you, in fact, have any at all).
And a final parting remark, IMO you should DENY any packets that have no
business being sent to you in the first place. This makes those packets
"fall off the edge of the Earth" from the attacker's point of view.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
