| 1 |
I'm temporarily on dialup after my ADSL router/modem died. The ADSL |
| 2 |
router/modem used to drop all the garbage aimed my ports 135, 445, 1434, |
| 3 |
etc. Iptables never saw it. Now that I'm on dialup, iptables does see |
| 4 |
the garbage, and so do I, on my current console... |
| 5 |
|
| 6 |
IN=ppp0 OUT= MAC= SRC=208.65.244.98 DST=208.65.247.240 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=33631 DF PROTO=TCP SPT=3961 DPT=445 WINDOW=8760 RES=0x00 SYN URGP=0 |
| 7 |
IN=ppp0 OUT= MAC= SRC=208.65.244.98 DST=208.65.247.240 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=35461 DF PROTO=TCP SPT=1042 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0 |
| 8 |
IN=ppp0 OUT= MAC= SRC=208.65.244.98 DST=208.65.247.240 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=35677 DF PROTO=TCP SPT=1042 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0 |
| 9 |
|
| 10 |
The line in /var/lib/iptables/rules-save that triggers this is... |
| 11 |
|
| 12 |
-A TCP_IN -p tcp -m tcp --dport 0:1023 -j DROP_LOG |
| 13 |
|
| 14 |
And the DROP_LOG rules are... |
| 15 |
|
| 16 |
-A DROP_LOG -j LOG --log-level 6 |
| 17 |
-A DROP_LOG -j DROP |
| 18 |
|
| 19 |
In the past, I did not have this problem when on dialup. I expect to |
| 20 |
be back up on ADSL tomorrow evening, but I do want this solved. The |
| 21 |
most recent change on my system was the upgrade to gcc 4.1.1, and the |
| 22 |
accompanying rebuild of system and world, a few days ago. |
| 23 |
|
| 24 |
-- |
| 25 |
Walter Dnes <waltdnes@××××××××.org> In linux /sbin/init is Job #1 |
| 26 |
My musings on technology and security at http://tech_sec.blog.ca |
| 27 |
-- |
| 28 |
gentoo-user@g.o mailing list |
Archives