Ipchains log messages
Hi!
my ipchains is producing the following output in the logfiles:
Mar 13 15:35:32 clint kernel: Packet log: input DENY eth0 PROTO=1 aaa.aaa.aaa.aaa:8 bbb.bbb.bbb.bbb:0 L=84 S=0x00 I=11654 F=0x0000 T=57 (#792)
I wonder why I get these messages, because the IP address bbb.bbb.bbb.bbb is none of mine! (but it's in the same subnet)
It's very annoying because host aaa.aaa.aaa.aaa has been sending ICMPs to bbb.bbb.bbb.bbb for several hours now, and my logfile is growing quite big...
bye
Christian
> Hi!
> my ipchains is producing the following output in the logfiles:
> Mar 13 15:35:32 clint kernel: Packet log: input DENY eth0 PROTO=1 aaa.aaa.aaa.aaa:8 bbb.bbb.bbb.bbb:0 L=84 S=0x00 I=11654 F=0x0000 T=57 (#792)
> I wonder why I get these messages, because the IP address bbb.bbb.bbb.bbb is none of mine! (but it's in the same subnet)
> It's very annoying because host aaa.aaa.aaa.aaa has been sending ICMPs to bbb.bbb.bbb.bbb for several hours now, and my logfile is growing quite big...
If aaa.aaa.aaa.aaa is from your subnet, then it is likely that it's trying to use your machine as a default router. You should turn that off by either turning the machine off and beating the responsible person, by _allowing_ it to route and seeing what happens, or by just inserting a rule into the input chain that looks like this:
    ipchains -I input -i eth0 -s aaa.aaa.aaa.aaa -j REJECT
I feel that the first alternative (with a finer granularity of the treatment of the person) is the most efficient solution.
If aaa isn't in your subnet, complain to your provider.
> bye
> Christian
Greetings from Nuremberg,
Roman.
--
Roman Drahtmüller
Hi!
the actual situation is that our host is hosted at an ISP.
IP address aaa.aaa.aaa.aaa is a t-online dial-in address (I want to say it's NOT in our subnet).
bbb.bbb.bbb.bbb seems to be a machine which is also hosted at the same ISP as we are (and in the same subnet).
So you think it's a misconfiguration of the provider's router?
bye
Christian
P.S.: aaa.aaa.aaa.aaa stopped sending packets now! :-)
-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: Tuesday, 13 March 2001 15:59
To: Christian Bohn
Cc: Suse security
Subject: Re: [suse-security] Ipchains log messages
> Hi!
> my ipchains is producing the following output in the logfiles:
> Mar 13 15:35:32 clint kernel: Packet log: input DENY eth0 PROTO=1 aaa.aaa.aaa.aaa:8 bbb.bbb.bbb.bbb:0 L=84 S=0x00 I=11654 F=0x0000 T=57 (#792)
> I wonder why I get these messages, because the IP address bbb.bbb.bbb.bbb is none of mine! (but it's in the same subnet)
> It's very annoying because host aaa.aaa.aaa.aaa has been sending ICMPs to bbb.bbb.bbb.bbb for several hours now, and my logfile is growing quite big...
If aaa.aaa.aaa.aaa is from your subnet, then it is likely that it's trying to use your machine as a default router. You should turn that off by either turning the machine off and beating the responsible person, by _allowing_ it to route and seeing what happens, or by just inserting a rule into the input chain that looks like this:
    ipchains -I input -i eth0 -s aaa.aaa.aaa.aaa -j REJECT
I feel that the first alternative (with a finer granularity of the treatment of the person) is the most efficient solution.
If aaa isn't in your subnet, complain to your provider.
> bye
> Christian
Greetings from Nuremberg,
Roman.
--
Roman Drahtmüller
On Tue, 13 Mar 2001, Christian Bohn wrote:
> my ipchains is producing the following output in the logfiles:
> Mar 13 15:35:32 clint kernel: Packet log: input DENY eth0 PROTO=1 aaa.aaa.aaa.aaa:8 bbb.bbb.bbb.bbb:0 L=84 S=0x00 I=11654 F=0x0000 T=57 (#792)
In general (short of the suggestions already made) I would do something like
    ipchains -I input 790 -p 1 -s aaa.aaa.aaa.aaa 8 -d bbb.bbb.bbb.bbb 0 \
        -j DENY
This will silently deny (no -l option) these packets. You should of course first make sure that these packages are no threat to your security and you can safely ignore them...
Dirk
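Before adding a silent DENY rule like the one above, it helps to see which flows are actually filling the log and whether they are addressed to the host at all. The following Python is an added example, not part of the thread or of ipchains: the names `parse` and `summarize`, the constructed TCP line, and the address 192.0.2.10 standing in for the host's own address are assumptions, as is the reading that for PROTO=1 the two "port" positions hold the ICMP type and code.

```python
import re
from collections import Counter

# Field layout of an ipchains "Packet log:" line, as in the thread's sample.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

def parse(line):
    """Return the fields of one packet-log line, or None for any other line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    if rec["proto"] == 1:
        # Assumption: for ICMP the two "port" positions carry type and code.
        rec["icmp_type"], rec["icmp_code"] = rec.pop("sport"), rec.pop("dport")
    return rec

def summarize(lines, own_addresses):
    """Count logged packets per (rule, src, dst); flag flows not addressed to us."""
    recs = filter(None, map(parse, lines))
    counts = Counter((r["rule"], r["src"], r["dst"]) for r in recs)
    return [
        {"rule": rule, "src": src, "dst": dst, "packets": n,
         "for_us": dst in own_addresses}
        for (rule, src, dst), n in counts.most_common()
    ]

# Constructed sample: the thread's line with three IP IDs, plus one made-up TCP line.
SAMPLE = [
    "Mar 13 15:35:32 clint kernel: Packet log: input DENY eth0 PROTO=1 "
    "aaa.aaa.aaa.aaa:8 bbb.bbb.bbb.bbb:0 L=84 S=0x00 I=%d F=0x0000 T=57 (#792)" % i
    for i in (11654, 11655, 11656)
] + [
    "Mar 13 15:36:01 clint kernel: Packet log: input DENY eth0 PROTO=6 "
    "198.51.100.7:40000 192.0.2.10:23 L=60 S=0x00 I=4242 F=0x4000 T=52 (#792)"
]

if __name__ == "__main__":
    print(*summarize(SAMPLE, own_addresses={"192.0.2.10"}), sep="\n")
```

A flow with a high packet count and `for_us` false, like the ICMP one in the thread, is a candidate for a narrow non-logging rule placed ahead of the logging rule whose number appears in `rule`.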
participants (3)
- Christian Bohn
- dirk janssen
- Roman Drahtmueller