Re: lots of tcp port 445 traffic

On Mon, 06 Dec 2004 at 17:54, ro0ot wrote:
> Hi,
> 
> I get lots of tcp port 445 traffic when I do a tcpdump -n port 445, 
> could it be an attack?
> 
> I check on the syslog files at /var/log/syslog, it shows this as below: -
> 
> Dec  7 00:36:40 fw01 kernel: Neighbour table overflow.
> Dec  7 00:36:46 fw01 kernel: NET: 32 messages suppressed.
> Dec  7 00:36:46 fw01 kernel: Neighbour table overflow.
> Dec  7 00:36:51 fw01 kernel: NET: 27 messages suppressed.
> Dec  7 00:36:51 fw01 kernel: Neighbour table overflow.
> Dec  7 00:38:14 fw01 kernel: NET: 6 messages suppressed.
> Dec  7 00:38:14 fw01 kernel: Neighbour table overflow.
> 
> When I try to ping my router IP address, I get this message below: -
> 
> connect: No buffer space available
> 
> I did try running the below command and it seems not to be helping much: -
> 
> iptables -I cus2jarwan -p tcp --dport 445 -j REJECT --reject-with tcp-reset
> 
> or
> 
> iptables -I cus2jarwan -p tcp --dport 445 -j DROP
> 
> How can I stop this tcp port 445 traffic?  Or how can I prevent it?
> 
> Regards,
> ro0ot
> 

I also receive tons of this kind of traffic, like anyone else,
I suppose. The way you stop them is correct, maybe you don't
have the rule in the correct chain, because it works ok for me.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
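
The reply's point about the rule sitting in the wrong chain can be checked mechanically. The following is an added example, not part of the original thread: it parses `iptables-save` output and reports which built-in chains can actually reach a DROP/REJECT rule for TCP port 445. Only the chain name `cus2jarwan` comes from the post; the sample ruleset, the chain `cus2other`, the interface name and the function names are assumptions.

```python
import re

# Constructed iptables-save output (not from the original post): only the
# chain name cus2jarwan is taken from the post, everything else is assumed.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:cus2jarwan - [0:0]
:cus2other - [0:0]
-A FORWARD -i eth1 -j cus2other
-A cus2jarwan -p tcp -m tcp --dport 445 -j DROP
-A cus2other -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")

def parse_rules(text):
    """Return {chain: [rule-spec, ...]} for the -A lines of iptables-save output."""
    rules = {}
    for line in text.splitlines():
        m = re.match(r"-A (\S+) (.*)", line)
        if m:
            rules.setdefault(m.group(1), []).append(m.group(2))
    return rules

def reachable_chains(rules, start):
    """Chains a packet entering built-in chain `start` can traverse via -j/-g."""
    seen, todo = set(), [start]
    while todo:
        chain = todo.pop()
        if chain in seen:
            continue
        seen.add(chain)
        for spec in rules.get(chain, []):
            m = re.search(r"(?:^| )(?:-j|-g) (\S+)", spec)
            if m and m.group(1) in rules:  # user chain that holds rules
                todo.append(m.group(1))
    return seen

def port_block_hooks(text, port=445):
    """Built-in chains from which a DROP/REJECT rule for tcp `port` is reachable.
    Rule order is ignored: an earlier ACCEPT can still match first."""
    rules = parse_rules(text)
    pat = re.compile(r"-p tcp\b.*--dport %d\b.*-j (DROP|REJECT)\b" % port)
    holders = {c for c, specs in rules.items() if any(pat.search(s) for s in specs)}
    return sorted(b for b in BUILTIN if reachable_chains(rules, b) & holders)
```

On the constructed ruleset `port_block_hooks(SAMPLE)` returns an empty list: the port 445 rule exists in `cus2jarwan`, but no built-in chain jumps to that chain, so no packet ever reaches it.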



