Hi All!

I have thousands(!!!) of such entries in logfile on my internet router linux box.

1. Packet log: output DENY ippp0 PROTO=1 [My ISDN Dynamic IP]:3 [ISP_DNS_IP]:3 L=56 S=0x00 I=11521 F=0x0000 T=127 (#3)
Port 3 means "compressnet". Could/should I allow this compressnet (and how?) or just to disable logging?

2. Packet log: input DENY ippp0 PROTO=1 [Some Inet IP]:8 [My ISDN Dynamic IP]:0 L=15 00 S=0x00 I=45898 F=0x4000 T=252 (#161)
What is the Port 8, which is missing from /etc/services and what to do with that?

Thanks, Slava.

On Wed, Mar 21, 2001 at 20:40 +0100, SlavaU wrote:
> I have thousands(!!!) of such entries in logfile on my internet router linux box.
> 1. Packet log: output DENY ippp0 PROTO=1 [My ISDN Dynamic IP]:3 [ISP_DNS_IP]:3 L=56 S=0x00 I=11521 F=0x0000 T=127 (#3)
> Port 3 means "compressnet". Could/should I allow this compressnet (and how?) or just to disable logging?

Look at the protocol! ICMP doesn't have "ports" but has the notion of "code" instead. This is some kind of "unreachable" message.

> 2. Packet log: input DENY ippp0 PROTO=1 [Some Inet IP]:8 [My ISDN Dynamic IP]:0 L=15 00 S=0x00 I=45898 F=0x4000 T=252 (#161)
> What is the Port 8, which is missing from /etc/services and what to do with that?

This is some "echo" thing (ping, traceroute, et al). Either you triggered them yourself, you inherited some other person's IP address and get late connections / attempts or someone is spoofing your address and you get the responses from the "victim".

virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

Hi SlavaU!

On Wed, 21 Mar 2001, SlavaU wrote:
> 1. Packet log: output DENY ippp0 PROTO=1 [My ISDN Dynamic IP]:3 [ISP_DNS_IP]:3 L=56 S=0x00 I=11521 F=0x0000 T=127 (#3)
> Port 3 means "compressnet". Could/should I allow this compressnet (and

You should notice the "PROTO=1", which means ICMP (for Internet
Control Message Protocol). Look at /etc/protocols for some other
protocols.

As there's no TCP or UDP packet, there's nothing like a port. ICMP
is defined in RFC792.

In case of ICMP packets, a log entry contains
... <source address>:<ICMP message type>
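
Added example (not part of any poster's message): a small decoder for the ipchains-style log lines quoted in this thread, which reads the two "port" fields of PROTO=1 entries as ICMP type and code and tallies what is being denied. The sample lines and their addresses are constructed; reading the destination-side number as the ICMP code follows the ipchains documentation and is not stated in the thread.

```python
import re
from collections import Counter

# ICMP message types (RFC 792, subset) and codes for type 3
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
              5: "redirect", 8: "echo request", 11: "time exceeded"}
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}

# Field layout as in the log lines quoted in the thread
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sfield>\d+) "
    r"(?P<dst>[\d.]+):(?P<dfield>\d+) ")

def decode(line):
    """Decode one log line; return None if it is not a packet log entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    proto, s, d = int(rec["proto"]), int(rec["sfield"]), int(rec["dfield"])
    if proto == 1:  # ICMP has no ports: the fields carry type and code
        name = ICMP_TYPES.get(s, f"type {s}")
        if s == 3:
            name += " (" + UNREACH_CODES.get(d, f"code {d}") + ")"
        rec["meaning"] = "ICMP " + name
    else:           # other protocols: report the fields as ports (TCP/UDP)
        rec["meaning"] = f"proto {proto} port {s} -> {d}"
    return rec

def summarize(lines):
    """Count entries per (chain, action, meaning), skipping other lines."""
    return Counter((r["chain"], r["action"], r["meaning"])
                   for r in map(decode, lines) if r)

# Constructed sample lines (documentation addresses, not from the thread)
SAMPLE = [
    "Packet log: output DENY ippp0 PROTO=1 192.0.2.10:3 198.51.100.53:3 L=56 S=0x00 I=11521 F=0x0000 T=127 (#3)",
    "Packet log: output DENY ippp0 PROTO=1 192.0.2.10:3 198.51.100.53:3 L=56 S=0x00 I=11522 F=0x0000 T=127 (#3)",
    "Packet log: input DENY ippp0 PROTO=1 203.0.113.7:8 192.0.2.10:0 L=84 S=0x00 I=45898 F=0x4000 T=252 (#161)",
    "Packet log: input DENY ippp0 PROTO=17 203.0.113.7:1025 192.0.2.10:137 L=78 S=0x00 I=100 F=0x0000 T=120 (#161)",
    "kernel: some unrelated message",
]

if __name__ == "__main__":
    for (chain, action, meaning), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {chain:6s} {action:5s} {meaning}")
```

Run over a real logfile, the tally shows at a glance whether the thousands of entries are outgoing unreachable messages, incoming echo requests, or something else.
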
I have SuSE 6.4 and patched my kernel for PPTP masq support. However, when I made the new kernel I said <M> to IPSec ESP & ISAKMP. Now, what is that module's name? And how do I load it?

participants (4)
- Carsten Frewert
- Gerhard Sittig
- K Creason
- SlavaU