LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Firewall Log Question

[ILUG] Firewall Log Question

Chris Higgins chris.higgins at horizon.ie
Thu Nov 22 18:01:29 GMT 2001 

> Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17
> 192.168.2.185:138  192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)

Machine 192.168.2.185 is sending a directed broadcast to 192.168.255.255,
its being picked up by some machine on the network and forwarded.

It looks like it's windows traffic .. so shutdown all the windows machines
and see if it continues.

When it stops.. leave all the windows machines switched off and relax.

If that doesn't work there are two further options listed below:

> 
> They have as many as 40 pages of this type of messages , presenting this
> "deny" access as  the evidence we have tried to penetrate their network.

Option 1: Sue Microsoft :-)

> 
> Since we are not int er ested is go into that VPN, nor we have tried to do
> it, please help me in find a technnical explanation for the "evidences" the
> have shown.

port 138 is used by Windows networking... 
> 
> With this I sent a small description about how network has bean
> setting up and the hardware that the we are using.
> 
> Network 1 : 10.10.X.X / 255.255.0.0 (The Other Company/Firewall)
> 
> Network 2 : 192.168.5.X.X / 255.255.0.0 (My company)
> 
> The Switch we have 2 Vlans.
> 
> The Switch and Gateway/Firewall is controlled by the other company.
> 
> The Router connect us to the internet. The router is controlled by ISP

Option 2: Their firewall is in your VLAN2, so their firewall is seeing your
local windows broadcast traffic and filtering it.

Remove their firewall from your VLAN... Problem solved....

Rgds,
Chris.
> 
> 
> --------     --------    -------------
> |Router|     |HUB   |    |Comp. (Win)|(192.168.X.X)
> |Cisco |---->|      |--->|Network 2  |
> --------     --------    -------------
> (192.168.X.X)   | |_____________________
> (10.10.X.X)     |                      |(port Vlan2)
>                 v                      v
>             ----------             ----------(Vlan 2)         192.168.X.X
>             |Gateway |             |Switch  |-------->NetWork 2 (Windows)
>             |FireWall|------------>|3Com    |(Vlan 1)
>             |(Linux) | (port Vlan1)|        |-------->NetWork 1 (Windows)
>             ----------             ----------                  10.10.X.X
>             (10.10.X.X)            (10.10.X.X)
> 
> 
> 
> Thanks.
> 
> 
> -- 
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell