Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Wht are these iptables logs have to do with hang up?

[atul]

Hi Geeks,
My machine was hanged up in the morning...and lots of iptables logs were started pouring on screen...I was even unable to login..

The messages were something like that:
10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22244 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:2f:06:19:08:00 SRC=10.0.1.49 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=16750 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:2b:b5:0b:08:00 SRC=10.0.1.111 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=19591 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:2f:06:19:08:00 SRC=10.0.1.49 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=16757 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:11:2f:9b:44:08:00 SRC=10.0.1.71 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=49919 PROTO=UDP SPT=137 DPT=137 LEN=58

Can anyone tell me is it h/w issue or kernel..?
And if h/w is it with n/w card...?

Thanks..

[atul]

Oh..
I forgot to give details:
It is Intel Xeon 4Processor...6GB RAM 350GB HD FC3 machine..
n/w card is of
Ethernet controller: Intel Corp. 82544GC Gigabit Ethernet Controller (LOM) (rev 02)

[bijo]

Hello,

It seems that you have enabled apf on your box. I think, it is the normal apf log.
Let me know the status

With regards,
Bijo

[atul]

Hi,
No I don't use apf...
it is iptables only...

See the issue is that they start pouring on screen...and it hangs up..
I am not damm sure...about them ..they are haarmless...as it seems..
But whatis that SPT=137 and DST=137...

Why is it on 137...and why they start coming on screen..
Thanks...

[bijo]

Quote:

Originally posted by atul
Hi Geeks,
My machine was hanged up in the morning...and lots of iptables logs were started pouring on screen...I was even unable to login..

The messages were something like that:
10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=22244 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 26 12:17:51 mail1 kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:61:2f:06:19:08:00 SRC=10.0.1.49 DST=10.0.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=16750 PROTO=UDP SPT=137 DPT=137 LEN=58


Can anyone tell me is it h/w issue or kernel..?
And if h/w is it with n/w card...?

Thanks..

Hello,

I think, you are running samba service. It is trying to register the netbios name server of a windows network.
SRC= source Ip [Your machine Ip]
DST= destination [It is a broad cast message]
Protocol= UDP
SPT=sourceport=137
DPT=Destination port=137

You can check it by stop the smb service on your box.
Let me know the status

With regards,
Bijo.