[sclug] Gumpf in logcheck

Tim Sutton tim at linfiniti.com
Tue Jun 17 15:21:49 UTC 2008


Hi all

Every hour logcheck sends me an email report. For the most part I get
stuff like this:

Jun 17 02:04:08 linfiniti kernel: IN=eth0 OUT=
MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73
DST=89.127.144.227 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4954 DF
PROTO=TCP SPT=1780 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 17 02:04:11 linfiniti kernel: IN=eth0 OUT=
MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73
DST=89.127.144.226 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=7454 DF
PROTO=TCP SPT=1779 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 17 02:42:27 linfiniti kernel: IN=eth0 OUT=
MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=222.1.40.116
DST=89.127.144.227 LEN=404 TOS=0x00 PREC=0x00 TTL=108 ID=64061
PROTO=UDP SPT=1100 DPT=1434 LEN=384

My questions are:

1) what do they mean (in plain English)?

2) if they are no cause for concern, how can I get rid of them? I
googled the subject and one option seems to be to use iptable_drop.
This seems to be a kernel module, unavailable in apt and I don't want
to start mucking around with the kernel on my production Debian server.

I'm hoping to pare down the logcheck reports to include just things I
should actually be concerned about....or maybe that's exactly what it's
doing ....


Thanks!

Regards



-- 
Tim Sutton
QGIS Project Steering Committee Member - Release Manager
Visit http://qgis.org for a great open source GIS
openModeller Desktop Developer
Visit http://openModeller.sf.net for a great open source ecological
niche modelling tool
Home Page: http://tim.linfiniti.com
Skype: timlinux
Irc: timlinux on #qgis at freenode.net
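
Added example, not part of the original post: the entries quoted above are in the kernel's netfilter LOG format, and this Python code re-joins the mail-wrapped lines, splits each entry into its KEY=value fields and counts logged packets per source, protocol and destination port. The function names are chosen here for illustration.

```python
import re
from collections import Counter

# Sample input: the three entries quoted in the post, wrapped as in the e-mail.
SAMPLE = """\
Jun 17 02:04:08 linfiniti kernel: IN=eth0 OUT=
MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73
DST=89.127.144.227 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4954 DF
PROTO=TCP SPT=1780 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 17 02:04:11 linfiniti kernel: IN=eth0 OUT=
MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73
DST=89.127.144.226 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=7454 DF
PROTO=TCP SPT=1779 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 17 02:42:27 linfiniti kernel: IN=eth0 OUT=
MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=222.1.40.116
DST=89.127.144.227 LEN=404 TOS=0x00 PREC=0x00 TTL=108 ID=64061
PROTO=UDP SPT=1100 DPT=1434 LEN=384
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}      # bare tokens

def join_wrapped(text):
    """Re-join entries that the mail client wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse_entry(entry):
    """Split one LOG entry into KEY=value fields plus a list of bare flags."""
    head, _, body = entry.partition(" kernel: ")
    rec = {"time": head[:15], "flags": []}
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if sep:
            rec.setdefault(key, val)  # first LEN is the IP length, not UDP LEN
        elif tok in FLAGS:
            rec["flags"].append(tok)
    return rec

def summarise(text):
    """Count logged packets per (source, protocol, destination port)."""
    return Counter((r["SRC"], r["PROTO"], int(r["DPT"]))
                   for r in map(parse_entry, join_wrapped(text)))
```

Run over a full logcheck report, `summarise()` groups repeated entries so that each distinct source and destination port appears once with its count.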


