"Eduardo P. Román O." wrote:
>
> This appears a lot of times in my log:
>
> Sep 2 02:35:32 myhost kernel: Packet log: input DENY eth1 PROTO=17 XX.XX.XX.XX:50255 YY.YY.YY.YY:53 L=72 S=0x00 I=31582 F=0x4000 T=64 (#1)
>
> where XX.XX.XX.XX is an know IP and YY.YY.YY.YY is my host's IP.
>
> How to know what happened ????
>

It looks like the "xx.xx.xx.xx" IP address belongs to a name server, and it is attempting to make a connection on your DNS port. Because this server is using UDP, it does not appear to be malicious.

Are you running any kind of a DNS server? Is this name server your ISP's name server? If the PROTO=6, and it is of a TYPE SYN, you would be justified in your apprehension.

Run a "nslookup q=txt" on the machine, and see if you recognize it. Is the interface, eth1, an external interface? Do some sleuthing, you might be surprised at what you come up with...

drjung
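Added example, not part of the original messages: a small parser for the ipchains "Packet log" format quoted above, which decodes the fields and separates UDP traffic to port 53 from TCP SYN packets, the distinction the reply draws. The sample lines use constructed documentation addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# ipchains log layout (Linux 2.2 kernels), as in the quoted line:
# chain action iface PROTO=n src:port dst:port L= S= I= F= T= [SYN] (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse(line):
    """Return the decoded fields of one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        d[key] = int(d[key])
    d["frag"] = int(d["frag"], 16)
    d["syn"] = d["syn"] is not None               # TCP SYN marker after T=
    d["proto_name"] = PROTO_NAMES.get(d["proto"], str(d["proto"]))
    d["dont_fragment"] = bool(d["frag"] & 0x4000)  # DF bit inside F=
    return d

def triage(d):
    """Coarse label for a parsed packet: DNS over UDP, TCP SYN, or other."""
    if d["proto"] == 17 and d["dport"] == 53:
        return "udp-to-dns-port"
    if d["proto"] == 6 and d["syn"]:
        return "tcp-syn"
    return "other"

def summarize(lines):
    """Count denied packets per (source address, label), skipping other lines."""
    parsed = (parse(line) for line in lines)
    return Counter((d["src"], triage(d)) for d in parsed if d)

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE = [
    "Sep 2 02:35:32 myhost kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.10:50255 198.51.100.5:53 L=72 S=0x00 I=31582 F=0x4000 T=64 (#1)",
    "Sep 2 02:35:40 myhost kernel: Packet log: input DENY eth1 PROTO=17 192.0.2.10:50256 198.51.100.5:53 L=72 S=0x00 I=31583 F=0x4000 T=64 (#1)",
    "Sep 2 02:36:01 myhost kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.77:4021 198.51.100.5:23 L=60 S=0x00 I=4711 F=0x4000 T=52 SYN (#1)",
]

if __name__ == "__main__":
    for (src, label), count in summarize(SAMPLE).items():
        print(src, label, count)
```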
