I am the original poster. One more thing to add: What is meant by SuSE-FW-DROP-ANTI-SPOOFING?

Jan 9 22:06:55 bellini kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=18.62.3.197 DST=18.62.255.255 LEN=246 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=226
Jan 9 22:06:55 bellini kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=18.62.3.197 DST=18.62.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 9 22:06:56 bellini kernel: SuSE-FW-ILLEGAL-TARGET IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:60:97:7f:8e:53:08:00 SRC=18.62.0.228 DST=18.62.0.0 LEN=128 TOS=0x00 PREC=0x00 TTL=64 ID=8845 PROTO=UDP SPT=1962 DPT=111 LEN=108

Thanks.

On Thu, 2003-01-09 at 22:10, ghugh Song wrote:
For a while now, I have been getting the following console messages (also in /var/log/messages) almost every day. When it happens, they show on the console in bursts.
==============================================================
Jan 9 21:58:29 bellini kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:a6:46:b3:cd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=15 ID=36934 PROTO=UDP SPT=68 DPT=67 LEN=556
Jan 9 21:58:37 bellini kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:a6:46:b3:cd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=15 ID=36935 PROTO=UDP SPT=68 DPT=67 LEN=556
Jan 9 21:58:44 bellini kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:10:4b:c6:f4:46:00:06:52:4e:b1:8a:08:00 SRC=217.9.113.69 DST=18.62.3.197 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=36051 DF PROTO=TCP SPT=3179 DPT=25 WINDOW=32120 RES=0x00 SYN URGP=0 OPT (020405B40402080A503A5E290000000001030300)
Jan 9 21:58:52 bellini kernel: SuSE-FW-ILLEGAL-TARGET IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:60:97:7f:8e:53:08:00 SRC=18.62.0.228 DST=18.62.0.0 LEN=128 TOS=0x00 PREC=0x00 TTL=64 ID=8759 PROTO=UDP SPT=1955 DPT=111 LEN=108
Jan 9 21:58:53 bellini kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:a6:46:b3:cd:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=15 ID=36936 PROTO=UDP SPT=68 DPT=67 LEN=556
====================================================================
What is going on? Is anybody from the "SRC" site attacking my Linux box, or what?
nslookup 18.62.0.228
shows normal-looking output, as follows:
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 18.70.0.160
Address: 18.70.0.160#53

228.0.62.18.in-addr.arpa name = .MIT.EDU.

Thanks a lot.
G. H. S.