Hi folks.
Noticed weird entries in journalctl:
Jan 14 00:38:25 wishmasus.loc kernel: Shorewall:net2fw:DROP:IN=docketh1 OUT= MAC=00:xx:yy:xz:Zs:Ss SRC=OtherLocalMachine DST=MyMachine LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=24209 DF PROTO=UDP SPT=21817 <<<<< SOURCE PORT IT TRIED TO REACH DPT=37647 LEN=131
I hate to see stuff like this especially if I don’t know where it comes from so I went to the machine that traffic came from and ran (as root):
netstat -lnp | grep 21817
just to find out that…
tcp 0 0 0.0.0.0:21817 0.0.0.0:* LISTEN 664/skype
udp 0 0 0.0.0.0:21817 0.0.0.0:* 664/skype
somebody left Skype running…
Ports can vary…
tcp 0 0 0.0.0.0:37647 0.0.0.0:* LISTEN 1956/skype
udp 0 0 0.0.0.0:37647 0.0.0.0:* 1956/skype
and it does not have to be Skype… but if You have a funny messages from shorewall in Your system journal – You can try searching for the source of them if You have access to the machine that sends them…
Cheers.
Andrzej
