RE: Interesting log

Drew Hunt Fri, 02 Feb 2001 19:25:13 -0800
Actually port 81 is already blocked on the input side.  All ports are
blocked by default unless the masq is expecting them (say, an FTP
connection).  All tcp rules for allowed ports have the ! -y option on them.

What sites should I check for information about windows viruses?

Thanks,
Drew

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mikkel L. Ellertson
Sent: Friday, February 02, 2001 6:38 PM
To: RedHat general mailling list
Subject: Re: Interesting log


On Fri, 2 Feb 2001, Drew Hunt wrote:

> I found these logs blocking outgoing packets.  Whois tells me this IP
> belongs to RackSpace in San Antonio, TX.  What's weird is that I woke up
at
> midnight to find my Windoze computer, that had been turned off for the
> night, on and waiting for my password.  Would the Wake-On-LAN feature be
> causing this?  And what is this port 81?
>
> Logs follow:
>
> Feb  1 21:29:21 tenchi kernel: Packet log: output REJECT eth0 PROTO=6
> 24.221.123.186:63508 207.71.8.87:81 L=48 S=0x00 I=24399 F=0x4000 T=127 SYN
> (#50)
[snip]
>
> Any feedback appreciated.
>
> Thanks,
> Drew
>
Drew,
        It is hard to say for sure, but I would suspect that you have a
virus on your Windows machine.  Wake-On-LAN will wake up an ATX powered
Windows machine, but only if you have it turned on in your BIOS, and hae
a built in NIC, or have the WOL power jumper installed.  It also
requires a special packet sent to your Windows machine to activate it.
It is also posible to set some BIOSs to wake at a specific time.  This
does not require any hardware jumpers.
        I wish the log could tell up what machine sent the blocked
packets, but if you are using masquerading, the address an output rule
sees is the address after masquerading.  You could create an input rule
to filter port 81, and see what happens.

Mikkel
--

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Interesting log

Reply via email to
