On Tue, 3 Jul 2001, Joss Winn wrote:
On Mon, Jul 02, 2001 at 05:05:28PM +0100, Adam Bower wrote:
On Tue, 3 Jul 2001, Joss Winn wrote:
Jul 3 00:38:17 linux kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=211.104.247.142 DST=211.2.96.188 LEN=6
What this means is a packet came in ppp0 (your modem) destined for 211.2.96.188 (your ip address) from 211.104.247.142 (or where ever)
My dmesg is attached. I just rebooted and went online before running dmesg.
I just took a look at the output of your dmesg, it appears that you are being portscanned from various hosts. The one looking for DPT=111 are looking for open RPC servers which have lots of vulnerabilities, DPT=53 is DNS (there are plenty of attacks against Bind), DPT=21 is ftp (again there are loads of attacks against ftp servers). The scan for port 211 I don't really know what that is /etc/services says part of X-windows probably some obscure attack.
The fact that all of these logged entrys have the SYN flag set suggest that they are just port scanning for you and there is not to much to worry about.
What I would do to test the security of your firewall is to try a few of the online port scanners and see what they say, doing this should also provide lots of entrys from dmesg.
HTH Adam