[Lilug] DENY messages?

Justin A lilug@lilug.org
Thu, 14 Jun 2001 19:25:59 -0400 (EDT)


On Thu, 14 Jun 2001, Karl L. Abrams wrote:

> My /var/log/message file is being filled with messages
>
> Jun 14 12:05:29 ool-18bb765f kernel: Packet log: input DENY eth1 PROTO=17
> 24.187.118.95:138 24.187.119.255:138 L=262 S=0x00 I=3165 F=0x0000 T=64 (#10)
> Jun 14 12:05:29 ool-18bb765f kernel: Packet log: input DENY eth1 PROTO=17
> 24.187.118.95:138 24.187.119.255:138 L=241 S=0x00 I=3166 F=0x0000 T=64 (#10)

The key piece of information here is that the connection is coming in on
port 138.  Port 138 is used by Windows for filesharing (think Samba).
These are probably the result of Windows searching for computers on the
local network.  I know with the connection here the DHCP server sends out
a blank broadcast (255.255.255.255), preventing broadcast packets from being
picked up by anything.

You probably want to stop ipchains from logging those connections (remove
the -l).

-Justin
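
Added example, not part of the original message: before removing -l from a rule, it helps to confirm that everything the rule logs really is NetBIOS broadcast traffic. This sketch parses ipchains "Packet log" lines like the quoted ones and separates that noise from anything else; the function names, the ".255" broadcast heuristic and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout of an ipchains "-l" log entry, as seen in the quoted lines:
# chain, verdict, interface, IP protocol, src:port, dst:port, packet fields, rule.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+) S=\S+ I=\d+ F=\S+ T=(?P<ttl>\d+)"
    r"(?: SYN)?(?: \(#(?P<rule>\d+)\))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ttl")
NETBIOS_UDP_PORTS = {137, 138}  # NetBIOS name service, datagram service

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    return rec

def is_netbios_broadcast(rec):
    # Assumed heuristic: UDP (protocol 17) to a NetBIOS port on an address
    # ending in .255; the real broadcast address depends on the netmask.
    return (rec["proto"] == 17 and rec["dport"] in NETBIOS_UDP_PORTS
            and rec["dst"].endswith(".255"))

def summarize(lines):
    """Count hits per (verdict, proto, dport, rule); collect non-NetBIOS records."""
    counts, other = Counter(), []
    for rec in filter(None, map(parse, lines)):
        counts[(rec["verdict"], rec["proto"], rec["dport"], rec["rule"])] += 1
        if not is_netbios_broadcast(rec):
            other.append(rec)
    return counts, other

# First two lines are the quoted entries rejoined; the third is constructed.
SAMPLE = [
    "Jun 14 12:05:29 ool-18bb765f kernel: Packet log: input DENY eth1 PROTO=17 24.187.118.95:138 24.187.119.255:138 L=262 S=0x00 I=3165 F=0x0000 T=64 (#10)",
    "Jun 14 12:05:29 ool-18bb765f kernel: Packet log: input DENY eth1 PROTO=17 24.187.118.95:138 24.187.119.255:138 L=241 S=0x00 I=3166 F=0x0000 T=64 (#10)",
    "Jun 14 12:06:02 examplehost kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.7:4021 192.0.2.1:23 L=60 S=0x00 I=4411 F=0x4000 T=52 SYN (#10)",
]

if __name__ == "__main__":
    counts, other = summarize(SAMPLE)
    print(counts, [(r["src"], r["dport"]) for r in other])
```

If the list of non-NetBIOS records is not empty, the same rule is also catching traffic worth keeping in the log, so dropping -l from it would hide that too.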