Unsure of log report entry

Brian Kelsay Brian.Kelsay at kcc.usda.gov
Wed Oct 13 08:33:48 CDT 2004


Doc, your box is running iptables, which plugs into the kernel, so the kernel sends the error messages. What are you using for the router? A distro of Linux with iptables and Snort? Hopefully yes, with your server in a DMZ to limit access from it to the internal network. By you saying it runs DNS, I'm guessing it is not cordoned off. The logs on your router/firewall will probably have more info. I would check that the webserver is up to date for all security updates and run chkrootkit on it if it is way out of date. Ask Brian Densmore about this.

Can you really shoot lasers and remove pain? Cool. Can you hook us up with something like Star Trek has? I just want to do a little target practice.


Brian Kelsay

>>> docv <> 10/12/04 06:21PM >>>
No, Logwatch doesn't tell me where it came from. I am running HTTP, DNS 
and POP3 on that box. I did have an alert message from my router letting 
me know that an attack was unsuccessful from that IP address, inbound 
from WAN, but was concerned when I saw that this log message was coming 
from the kernel. I'm obviously not very knowledgeable about TCP/IP 
protocols but this old dog is still learning! ;-)

And to answer Dustin's question, no, that's not my clinic. As in my 
signature lines, my clinic is the Laser Pain Relief Center in downtown 
Lee's Summit (just opened it up 3 weeks ago).

Brian Kelsay wrote:

> ICMP is a ping request.  It just means that you are unable to get to that box.
> But, you want to know why your box is trying to hit it.  Are you running the 
> box as a webserver or any other type of server?  Is this a ping from the 
> outside or inside?  Does Logwatch tell you this? 
> 
> 
> Brian Kelsay

-- 
Steve Vaitl, D.C.
Certified Chiropractic Sports Physician
Laser Pain Relief Center




