[ale] ipchains please help decypher?

djinn djinn at djinnspace.com
Wed Feb 28 12:57:09 EST 2001


I set up a firewall that is more for IP masq than actual security (in
other words, I don't expect it to magically protect all the machines
inside it).  
It's kernel 2.2.17 using ipchains, and I've done this before on a
handful of small networks.

The machine that it's on, however, is getting hammered by what looks to
be friendly fire.  Can someone help me decipher what's going on in the
log files so I know where to start?

Here's a sample entry (there are about 25 of these a second, from
various hosts in the IP range, almost all on the port in this example):

Feb 28 11:32:58 hostname kernel: Packet log: input REJECT eth0 PROTO=17
xxx.xxx.xxx.xxx:520 xxx.xxx.xxx.255:520 L=58 S=0x00 I=40961 F=0x0000
T=128 (#5)
Feb 28 11:32:58 mazer kernel: Packet log: input REJECT eth0 PROTO=17
xxx.xxx.xxx.xxx:1033 xxx.xxx.xxx.255:6549 L=58 S=0x00 I=40961 F=0x0000
T=128 (#5)

The most peculiar thing is, we're not even xxx.xxx.xxx.255, we're .146.
*ponder*

Anyway, it's obvious that I totally don't understand what my logs are
telling me in this case and I am having trouble finding anything about
what it means.  Anyone?

Thanks much

jenn
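
The log format quoted in the message above, parsed field by field and tallied by destination. This is an added example, not part of the original post: the 192.0.2.x addresses are constructed stand-ins for the masked xxx values, the /24 netmask is an assumption, and the names parse and summarize are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

# ipchains -l layout: chain target iface PROTO=n src:port dst:port
# L=length S=TOS I=IP-id F=frag T=TTL (#rule). \s+ tolerates mail line wraps.
LOG_RE = re.compile(
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<target>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+I=(?P<ipid>\d+)\s+"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)(?:\s+SYN)?\s+"
    r"\(#(?P<rule>\d+)\)")

# Constructed sample input; addresses and hostname are placeholders.
SAMPLE = """\
Feb 28 11:32:58 fw kernel: Packet log: input REJECT eth0 PROTO=17
192.0.2.10:520 192.0.2.255:520 L=58 S=0x00 I=40961 F=0x0000 T=128 (#5)
Feb 28 11:32:58 fw kernel: Packet log: input REJECT eth0 PROTO=17
192.0.2.11:520 192.0.2.255:520 L=58 S=0x00 I=40962 F=0x0000 T=128 (#5)
Feb 28 11:32:58 fw kernel: Packet log: input REJECT eth0 PROTO=17
192.0.2.12:1033 192.0.2.255:6549 L=58 S=0x00 I=40963 F=0x0000 T=128 (#5)
"""

def parse(text):
    """Return one dict per logged packet, numeric fields converted to int."""
    entries = []
    for m in LOG_RE.finditer(text):
        e = m.groupdict()
        for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
            e[key] = int(e[key])
        e["proto"] = PROTO_NAMES.get(e["proto"], str(e["proto"]))
        entries.append(e)
    return entries

def summarize(entries, local_net):
    """Count packets by (protocol, dest port, broadcast/unicast, rule number)."""
    bcast = ip_network(local_net).broadcast_address
    counts = Counter()
    for e in entries:
        kind = "broadcast" if ip_address(e["dst"]) == bcast else "unicast"
        counts[(e["proto"], e["dport"], kind, e["rule"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(parse(SAMPLE), "192.0.2.0/24").most_common():
        print(n, key)
```

Read this way, each sample entry is a UDP datagram (PROTO=17) addressed to the subnet broadcast address, which every host on the segment receives, and it was rejected by rule 5 of the input chain. UDP port 520 is the port assigned to RIP.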