[NBLUG/talk] SuSEFirewall2 How to read the log file?

Micxz (lovedialup.com) an_email at micxz.com
Thu Jul 10 21:41:01 PDT 2003


Hello all,

I'm looking at my messages log and am a bit lost in its output:

Jul 10 21:27:40 mars kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
SRC=200.52.172.13 DST=66.xxx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=110
ID=9313 DF PROTO=TCP SPT=2716 DPT=2723 WINDOW=16384 RES=0x00 SYN URGP=0
OPT (0204056401010402)

OK, so I see it's via the protocol "TCP", the packet came from some
computer in Guadalajara, it looks from the whois output. The DST is my
IP. The Time to Live is 110, the SYN being the synchronize flag bit set
is initiating a connection from the sender to the recipient. But

Can you guys help me with the way to read the rest of the info?
And are there some theories on why random PCs are trying to connect to
our Linux boxes? (usually three packets at a time.)

--
Micxz
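
Added example, not part of the original post and not SuSEFirewall2 code: a small Python parser that splits a netfilter LOG entry like the one quoted above into its KEY=VALUE fields, bare IP/TCP flags, and decoded TCP options. The function names are hypothetical, and the sample line is constructed from the post with a documentation address in place of the masked DST.

```python
import re

# Constructed sample: the entry quoted in the post with the mail-wrapped lines rejoined.
# DST is masked in the post, so a documentation address (192.0.2.10) stands in for it.
SAMPLE = ("Jul 10 21:27:40 mars kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= "
          "SRC=200.52.172.13 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=110 "
          "ID=9313 DF PROTO=TCP SPT=2716 DPT=2723 WINDOW=16384 RES=0x00 SYN URGP=0 "
          "OPT (0204056401010402)")

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
OPT_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 5: "SACK", 8: "TIMESTAMP"}

def decode_tcp_options(hexstr):
    """Walk the kind/length/value option list that the kernel logs as hex after OPT."""
    raw, out, i = bytes.fromhex(hexstr), [], 0
    while i < len(raw):
        kind = raw[i]
        if kind in (0, 1):                 # EOL and NOP are single bytes, no length field
            out.append(("EOL" if kind == 0 else "NOP", None))
            i = len(raw) if kind == 0 else i + 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            out.append(("MALFORMED", raw[i:].hex()))   # length runs past the buffer
            break
        length = raw[i + 1]                # length counts the kind and length bytes too
        value = raw[i + 2:i + length]
        name = OPT_NAMES.get(kind, f"KIND_{kind}")
        out.append((name, int.from_bytes(value, "big") if value else None))
        i += length
    return out

def parse_fw_line(line):
    """Split a netfilter LOG line into prefix, KEY=VALUE fields, bare flags and options."""
    m = re.search(r"kernel: (\S+) (IN=.*)$", line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    rec = {"prefix": m.group(1), "fields": {}, "ip_flags": [], "tcp_flags": [], "tcp_options": []}
    body = m.group(2)
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", body)
    if opt:
        rec["tcp_options"] = decode_tcp_options(opt.group(1))
        body = body.replace(opt.group(0), "")
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if sep:                            # KEY=VALUE; empty values (OUT=, MAC=) are kept
            rec["fields"][key] = val
        else:                              # bare token: TCP flag, else IP flag such as DF
            rec["tcp_flags" if tok in TCP_FLAGS else "ip_flags"].append(tok)
    return rec
```

For the entry in the post, `parse_fw_line(SAMPLE)["tcp_options"]` decodes the OPT bytes to an MSS of 1380, two NOP padding bytes and SACK-permitted, which is what an ordinary connection-opening SYN carries.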


