[opensuse] interpreting Firewall message in /var/log/firewall
Hello, Open_SuSErs

Could someone please enlighten me, as to the meaning of :-
...................
Feb 6 14:38:46 AIG kernel: SFW2-IN-ILL-TARGET IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:6c:3d:e4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=337 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=317
........................
Thanks
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
riccardo35@gmail.com wrote:
> Hello, Open_SuSErs
> Could someone please enlighten me, as to the meaning of :- ...................
> Feb 6 14:38:46 AIG kernel: SFW2-IN-ILL-TARGET
This is an input packet blocked because of an illegal target (as defined by your config)
> IN=vmnet8
It came in on your vmware net interface.
> OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:6c:3d:e4:08:00
the from MAC address was all ones, yours was 0c:29:6c:3d:e4:08 Ethernet
> SRC=0.0.0.0
src IP of the packet
> DST=255.255.255.255
destination IP address (i.e. broadcast)
> LEN=337
length
> TOS=0x00 PREC=0x00
not sure
> TTL=128
time to live
> ID=1 PROTO=UDP
important, the protocol was a udp packet
> SPT=68
source port
> DPT=67
destination port
> LEN=317
Summary, this was a broadcast packet from the DHCP server on your network to your machine, which you are blocking. There is a config option to allow broadcasts and not to log them. HTH.
--
Joe Morris
Registered Linux user 231871 running openSUSE 10.2 x86_64
On Wed, Feb 07, 2007 at 11:36:06PM +0000, riccardo35@gmail.com wrote:
Feb 6 14:38:46 AIG kernel: SFW2-IN-ILL-TARGET IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:6c:3d:e4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=337 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=317
Source port 68, destination port 67, UDP, from the "I don't yet know my IP address" 0.0.0.0 to the "network local broadcast address" 255.255.255.255 on a vmware network interface -- looks like a client trying to get a DHCP or BOOTP address. :)
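The field-by-field reading discussed in this thread, as an added example that is not part of any poster's message: a small Python parser for this kernel netfilter LOG format that splits the 14-byte Ethernet header in `MAC=` into destination, source and EtherType, and labels DHCP/BOOTP traffic by its UDP ports. The key name `L4_LEN`, the `FLAGS` list and the classification labels are choices made for this example.

```python
import re

# The log line quoted in the thread (kernel netfilter LOG entry, SuSEfirewall2 prefix).
THREAD_LINE = ("Feb 6 14:38:46 AIG kernel: SFW2-IN-ILL-TARGET IN=vmnet8 OUT= "
               "MAC=ff:ff:ff:ff:ff:ff:00:0c:29:6c:3d:e4:08:00 SRC=0.0.0.0 "
               "DST=255.255.255.255 LEN=337 TOS=0x00 PREC=0x00 TTL=128 ID=1 "
               "PROTO=UDP SPT=68 DPT=67 LEN=317")

def parse_fw_line(line):
    """Return (prefix, fields); prefix is the rule tag, e.g. SFW2-IN-ILL-TARGET."""
    m = re.search(r"kernel:\s+(?:\[[\d. ]+\]\s+)?(\S+)\s+(IN=.*)$", line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    prefix, rest = m.groups()
    fields = {}
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if not sep:
            fields.setdefault("FLAGS", []).append(key)  # bare flags such as DF or SYN
        elif key == "LEN" and "LEN" in fields:
            fields["L4_LEN"] = val  # first LEN is the IP length, second the UDP length
        else:
            fields[key] = val       # empty value (OUT=) means "not applicable"
    return prefix, fields

def split_mac_header(mac):
    """MAC= holds the raw Ethernet header: 6 bytes destination, 6 source, 2 EtherType."""
    b = mac.split(":")
    if len(b) != 14:
        return None
    return {"dst": ":".join(b[:6]), "src": ":".join(b[6:12]),
            "ethertype": "0x" + "".join(b[12:])}

def classify(fields):
    """DHCP/BOOTP clients send UDP 68 -> 67; servers answer 67 -> 68."""
    if fields.get("PROTO") != "UDP":
        return "other"
    ports = (fields.get("SPT"), fields.get("DPT"))
    if ports == ("68", "67"):
        # SRC=0.0.0.0: the client has no address yet and is asking for a lease.
        return "dhcp-client-initial" if fields.get("SRC") == "0.0.0.0" else "dhcp-client"
    if ports == ("67", "68"):
        return "dhcp-server-reply"
    return "other"

if __name__ == "__main__":
    prefix, f = parse_fw_line(THREAD_LINE)
    print(prefix, f["IN"], classify(f), split_mac_header(f["MAC"]))
```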
participants (3)
- Joe Morris (NTM)
- riccardo35@gmail.com
- Seth Arnold