[ale] ipchains please help decypher?

Joseph A. Knapka jknapka at earthlink.net
Wed Feb 28 13:05:09 EST 2001


djinn wrote:
> 
> I set up a firewall that is more for IP masq than actual security (in
> other words, I don't expect it to magically protect all the machines
> inside it).
> It's kernel 2.2.17 using ipchains, and I've done this before on a
> handful of small networks.
> 
> The machine that it's on, however, is getting hammered by what looks to
> be friendly fire.  Can someone help me decypher what's going on in the
> log files so I know where to start?
> 
> Here's a sample entry (there are about 25 of these a second, from
> various hosts in the IP range, almost all on the port in this example):
> 
> Feb 28 11:32:58 hostname kernel: Packet log: input REJECT eth0 PROTO=17
> xxx.xxx.xxx.xxx:520 xxx.xxx.xxx.255:520 L=58 S=0x00 I=40961 F=0x0000
> T=128 (#5)
> Feb 28 11:32:58 mazer kernel: Packet log: input REJECT eth0 PROTO=17
> xxx.xxx.xxx.xxx:1033 xxx.xxx.xxx.255:6549 L=58 S=0x00 I=40961 F=0x0000
> T=128 (#5)
> 
> the most peculiar thing is, we're not even xxx.xxx.xxx.255, we're .146.
> *ponder*

You're on an 8-bit subnet, so xxx.xxx.xxx.255 is the broadcast address.
So everyone on your net segment is going to get these. Port 520 is
for Route Information Protocol, which some machines use to inform
one another of IP routing information. If you're seeing a *lot* of
these, then something somewhere (probably not your system) is
misconfigured. Or maybe a hacker is trying something funny; I suppose
RIP might be a fruitful way to attack a network.

I don't know about the port 6549 traffic.

HTH,

-- Joe
 
> Anyway, it's obvious that I totally don't understand what my logs are
> telling me in this case and I am having trouble finding anything about
> what it means.  Anyone?
> 
> Thanks much
> 
> jenn
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

-- Joe Knapka
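
The log lines quoted above, decoded field by field and tallied by sender, as an added example that is not part of the original thread. It assumes the ipchains packet-log layout (L = total length, S = TOS, I = IP ID, F = fragment field, T = TTL, #n = number of the matching rule); the host name and the 192.0.2.0/24 addresses are constructed sample data.

```python
import ipaddress
import re

# One "Packet log:" line as written by ipchains on a 2.2 kernel.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line, local_net):
    """Decode one log line into a dict, or return None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["proto_name"] = PROTOS.get(rec["proto"], str(rec["proto"]))
    # Is the destination the broadcast address of our own subnet?
    net = ipaddress.ip_network(local_net)
    rec["to_broadcast"] = ipaddress.ip_address(rec["dst"]) == net.broadcast_address
    # RIP runs over UDP (protocol 17) port 520.
    rec["is_rip"] = rec["proto"] == 17 and rec["dport"] == 520
    return rec

def top_sources(lines, local_net):
    """Count subnet-broadcast packets per (source, dest port), busiest first."""
    counts = {}
    for line in lines:
        rec = parse_line(line, local_net)
        if rec and rec["to_broadcast"]:
            key = (rec["src"], rec["dport"])
            counts[key] = counts.get(key, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample lines modelled on the ones in the question.
_FMT = ("Feb 28 11:32:58 fw kernel: Packet log: input REJECT eth0 PROTO={} "
        "{} {} L=58 S=0x00 I=40961 F=0x0000 T=128 (#5)")
SAMPLE = [
    _FMT.format(17, "192.0.2.10:520", "192.0.2.255:520"),
    _FMT.format(17, "192.0.2.10:520", "192.0.2.255:520"),
    _FMT.format(17, "192.0.2.23:1033", "192.0.2.255:6549"),
    _FMT.format(6, "192.0.2.23:1044", "192.0.2.146:23"),
]

if __name__ == "__main__":
    for (src, dport), n in top_sources(SAMPLE, "192.0.2.0/24"):
        print(f"{n:4d}  {src} -> broadcast port {dport}")
```

Sorting the tally by count points at the hosts on the segment that are sending the broadcasts, which is where to look for the misconfiguration.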