From: Grahame Newell (gnewell at domain iol.ie)
Date: Sun 05 Aug 2001 - 08:50:23 IST
Check out this page:
http://securityportal.com/closet/closet20001101.html
It's port blocking set up on your machines.
HTH
Grahame Newell
-----Original Message-----
From: cnb at domain eircom.net [mailto:cnb at domain eircom.net]
Sent: Saturday, August 04, 2001 8:48 PM
To: ilug at domain linux.ie
Subject: [ILUG] port 138
Not sure if this is the proper place to post this; if not, please be gentle. :)
I have been getting this in /var/log/messages continuously for a couple of
days now.
I'm not sure what is running that would be causing this. Anyway, here's the
log.
192.168.0.22 and 192.168.0.255 are machines in our internet cafe.
194.125.22.1 is our webserver and 194.125.22.86 is a virtual domain.
Aug 3 22:16:01 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2202 194.125.22.1:80 L=48 S=0x00 I=60122 F$
Aug 3 22:16:04 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2202 194.125.22.1:80 L=48 S=0x00 I=61402 F$
Aug 3 22:16:07 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2204 194.125.22.86:80 L=48 S=0x00 I=63194 $
Aug 3 22:16:10 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2202 194.125.22.1:80 L=48 S=0x00 I=64474 F$
Aug 3 22:16:10 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2204 194.125.22.86:80 L=48 S=0x00 I=64730 $
Aug 3 22:16:16 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2204 194.125.22.86:80 L=48 S=0x00 I=7131 F$
Aug 3 22:16:22 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2202 194.125.22.1:80 L=48 S=0x00 I=9947 F=$
Aug 3 22:16:28 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2204 194.125.22.86:80 L=48 S=0x00 I=18907 $
Aug 3 22:17:08 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2208 194.125.22.86:80 L=48 S=0x00 I=45275 $
Aug 3 22:17:11 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2208 194.125.22.86:80 L=48 S=0x00 I=46555 $
Aug 3 22:17:17 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2208 194.125.22.86:80 L=48 S=0x00 I=48347 $
Aug 3 22:17:22 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2209 194.125.22.1:80 L=48 S=0x00 I=49883 F$
Aug 3 22:17:25 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2209 194.125.22.1:80 L=48 S=0x00 I=51163 F$
Aug 3 22:17:29 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2208 194.125.22.86:80 L=48 S=0x00 I=52443 $
Aug 3 22:17:31 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2209 194.125.22.1:80 L=48 S=0x00 I=53211 F$
Aug 3 22:17:43 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2209 194.125.22.1:80 L=48 S=0x00 I=56283 F$
Aug 3 22:18:07 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2210 194.125.22.1:80 L=48 S=0x00 I=62427 F$
Aug 3 22:18:10 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2210 194.125.22.1:80 L=48 S=0x00 I=63707 F$
Aug 3 22:18:16 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2210 194.125.22.1:80 L=48 S=0x00 I=65499 F$
Aug 3 22:18:28 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2210 194.125.22.1:80 L=48 S=0x00 I=3036 F=$
Aug 3 22:18:47 leviathan sshd[4185]: log: Closing connection to
193.120.224.170
Aug 3 22:19:49 leviathan kernel: Packet log: input DENY eth0 PROTO=17
192.168.0.22:138 192.168.0.255:138 L=258 S=0x00 I=5602$
Aug 3 22:21:00 leviathan kernel: Packet log: input DENY eth0 PROTO=17
192.168.0.22:137 192.168.0.255:137 L=78 S=0x00 I=7901 $
Aug 3 22:21:39 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2230 194.125.22.1:80 L=48 S=0x00 I=11486 F$
Aug 3 22:21:42 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2230 194.125.22.1:80 L=48 S=0x00 I=12510 F$
Aug 3 22:21:48 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2230 194.125.22.1:80 L=48 S=0x00 I=14302 F$
Aug 3 22:22:00 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2230 194.125.22.1:80 L=48 S=0x00 I=17630 F$
Aug 3 22:23:36 leviathan kernel: Packet log: input DENY eth0 PROTO=17
192.168.0.22:138 192.168.0.255:138 L=258 S=0x00 I=1532$
Aug 3 22:26:12 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2295 194.125.22.1:80 L=48 S=0x00 I=10465 F$
Aug 3 22:26:15 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2295 194.125.22.1:80 L=48 S=0x00 I=11745 F$
Aug 3 22:26:21 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2295 194.125.22.1:80 L=48 S=0x00 I=13281 F$
Aug 3 22:26:33 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2295 194.125.22.1:80 L=48 S=0x00 I=39393 F$
Aug 3 22:30:33 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2324 194.125.22.1:80 L=48 S=0x00 I=48867 F$
Aug 3 22:30:36 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2324 194.125.22.1:80 L=48 S=0x00 I=50147 F$
Aug 3 22:30:42 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2324 194.125.22.1:80 L=48 S=0x00 I=51683 F$
Aug 3 22:30:54 leviathan kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.22:2324 194.125.22.1:80 L=48 S=0x00 I=55011 F$
Aug 3 22:31:13 leviathan kernel: Packet log: input DENY eth0 PROTO=17
192.168.0.22:137 192.168.0.255:137 L=78 S=0x00 I=60387$
Aug 3 22:32:05 leviathan kernel: Packet log: input DENY eth0 PROTO=17
192.168.0.22:138 192.168.0.255:138 L=258 S=0x00 I=4912$
Aug 3 22:47:06 leviathan kernel: Packet log: input DENY eth0 PROTO=17
192.168.0.22:138 192.168.0.255:138 L=258 S=0x00 I=5092$
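An added example (not part of either message): a small Python parser for the ipchains-style `Packet log:` lines quoted above that groups denied packets by protocol, source, destination and destination port. The sample lines are taken from the post with the wrapped halves rejoined; the function names and the service table are illustrative assumptions.

```python
import re
from collections import defaultdict

# Layout after "Packet log:": chain, action, interface, PROTO=n, src:port, dst:port
LINE_RE = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}
# Illustrative table covering only the ports that appear in the post.
SERVICES = {("tcp", 80): "http", ("udp", 137): "netbios-ns", ("udp", 138): "netbios-dgm"}

# Lines from the post, wrapped halves rejoined; the "$" truncation is left as posted.
SAMPLE = """\
Aug 3 22:16:01 leviathan kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.22:2202 194.125.22.1:80 L=48 S=0x00 I=60122 F$
Aug 3 22:16:04 leviathan kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.22:2202 194.125.22.1:80 L=48 S=0x00 I=61402 F$
Aug 3 22:16:07 leviathan kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.22:2204 194.125.22.86:80 L=48 S=0x00 I=63194 $
Aug 3 22:17:22 leviathan kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.22:2209 194.125.22.1:80 L=48 S=0x00 I=49883 F$
Aug 3 22:18:47 leviathan sshd[4185]: log: Closing connection to 193.120.224.170
Aug 3 22:19:49 leviathan kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.22:138 192.168.0.255:138 L=258 S=0x00 I=5602$
Aug 3 22:21:00 leviathan kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.22:137 192.168.0.255:137 L=78 S=0x00 I=7901 $
"""

def parse(text):
    # Yield the named fields of every packet-log line; other syslog lines are skipped.
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(text):
    """Map (proto, src, dst, dport) -> packet count and the set of source ports seen."""
    flows = defaultdict(lambda: {"packets": 0, "source_ports": set()})
    for rec in parse(text):
        if rec["action"] != "DENY":
            continue
        proto = PROTO_NAMES.get(rec["proto"], rec["proto"])
        key = (proto, rec["src"], rec["dst"], int(rec["dport"]))
        flows[key]["packets"] += 1
        flows[key]["source_ports"].add(int(rec["sport"]))
    return dict(flows)

def report(text):
    """Render one line per flow, busiest first."""
    ranked = sorted(summarize(text).items(), key=lambda kv: -kv[1]["packets"])
    return [f"{s['packets']:3d} pkts, {len(s['source_ports'])} source port(s): "
            f"{src} -> {dst}:{dport}/{proto} ({SERVICES.get((proto, dport), 'unknown')})"
            for (proto, src, dst, dport), s in ranked]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A source port that repeats within one flow is the same connection attempt being retransmitted, so the distinct-port count approximates how many connections were tried rather than how many packets were dropped.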