Re: [vox-tech] anyone know what these kernel messages mean?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] anyone know what these kernel messages mean?
On Wed, Oct 11, 2000 at 11:45:10AM -0700, Henry House wrote:
> On Tue, Oct 10, 2000 at 03:10:05PM -0700, Micah Cowan wrote:
> > On Tue, Oct 10, 2000 at 02:04:34PM -0700, Ricardo Anguiano wrote:
> > >
> > > geektools.com whois says address 207.215.71.255 is owned by pacbell and
> > > mother.com.
> > >
> > > port 137 is Netbios name service. 255 is a broadcast address. someone
> > > is looking for a netbios name resolver.
> > >
> > > -Ricardo
> > >
> >
> > I'd say definitely firewall log then.
>
> Yes, I am running a couple of firewall rules that block UDP packets and log
> them. But normally they appear in syslog, not on every open console.
>
> > It's common script-kiddy knowledge that you can easily crash a 'doze
> > machine by putting garbage into 137. They can also snoop your network
> > (duh).
>
> Which would explain why my kernel considered these high-priority? Because
> they were malformed? As for the second message, does that appear to you
> experts to be related to the first? It means nothing to me.
I would guess so, but dunno. :)
I think you might check your /etc/syslog.conf to make sure it says
what you want it to.
>
> Btw, I should mention that I've had a lot of trouble with misconfigured Win32
> machines on mother.com's LAN (mostly cohosting customers' servers) sending
> individual packets to 137/udp but this is the worst it's ever been (I had
> over 600Mb of logfiles in just twelve hours!). And what I really want to know
> was why did my kernel have thhe impertinence to write the logmessages to
> every console? It made the machine almost unusable!
>
> --
> Henry House
> OpenPGP key available from http://hajhouse.org/hajhouse.asc
|
