Very Computer

I have 2 NICs in my PC. One NIC has an internet connection, the other a
local lan connection. I noticed recently that syslog, messages and some
other files in /var/log are getting rather large. On inspection I found
that both NICs are sending a packet to port 631 (which is being denied
by ipchains) every second. A segment of output is:

Dec 13 16:50:02 bc18479 kernel: Packet log: input DENY eth0 PROTO=17
216.228.184.79:631 216.228.184.255:631 L=105 S=0x00 I=855 F=0x0000 T=64
(#32)
Dec 13 16:50:02 bc18479 kernel: Packet log: input DENY eth1 PROTO=17
192.168.0.1:631 192.168.0.255:631 L=105 S=0x00 I=856 F=0x0000 T=64 (#32)

Dec 13 16:50:33 bc18479 kernel: Packet log: input DENY eth0 PROTO=17
216.228.184.79:631 216.228.184.255:631 L=105 S=0x00 I=886 F=0x0000 T=64
(#32)
Dec 13 16:50:33 bc18479 kernel: Packet log: input DENY eth1 PROTO=17
192.168.0.1:631 192.168.0.255:631 L=105 S=0x00 I=887 F=0x0000 T=64 (#32)

How can I identify which application is causing this to happen? And the
correct the problem?

Thanks,

Brad

....

Quote:> Dec 13 16:50:33 bc18479 kernel: Packet log: input DENY eth1 PROTO=17
> 192.168.0.1:631 192.168.0.255:631 L=105 S=0x00 I=887 F=0x0000 T=64
> (#32)

> How can I identify which application is causing this to happen? And
> the correct the problem?

port 631 is the port used by cups (printing).  Use lsof and search
for programs that have are trying for a  connection to that port.

karl.

Hi Brad,

This is your printing daemon (lprng) announcing its existence. One
usally does find such things by looking up the destination port in
/etc/services or
http://www.isi.edu/in-notes/iana/assignments/port-numbers

Check the manual material for this program packet for further
information how to disable the broadcasting on the outbound interface.
Or the one of your distribution on how to disable the daemon.

Blocking the broadcasts on the inbound device seems to be quite useless.
Clients do read these messages to detect available printers.

Malware