[opensuse] interpreting Firewall message in /var/log/firewall - openSUSE Users - openSUSE Mailing Lists

newer
[opensuse] softlink

[opensuse] interpreting Firewall message in /var/log/firewall

older
[opensuse] zen updater

riccardo35＠gmail.com

7 Feb 2007 7 Feb '07

23:36

Hello, Open_SuSErs Could someone please enlighten me, as to the meaning of :- ................... Feb 6 14:38:46 AIG kernel: SFW2-IN-ILL-TARGET IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:6c:3d:e4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=337 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=317 ........................ Thanks -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

Show replies by date

Joe Morris (NTM)

7 Feb 7 Feb

23:54

Hello, Open_SuSErs

Could someone please enlighten me, as to the meaning of :- ...................

Feb 6 14:38:46 AIG kernel: SFW2-IN-ILL-TARGET This is an input packet blocked because of an illegal target (as defined by your config) IN=vmnet8 It came in on your vmware net interface. OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:6c:3d:e4:08:00

riccardo35@gmail.com wrote: the from MAC address was all ones, yours was 0c:29:6c:3d:e4:08 Ethernet

SRC=0.0.0.0

src IP of the packet

DST=255.255.255.255 destination IP address (i.e. broadcast) LEN=337 length TOS=0x00 PREC=0x00 not sure TTL=128 time to live ID=1 PROTO=UDP

SPT=68

important, the protocol was a udp packet source port

DPT=67 destination port LEN=317

Summary, this was a broadcast packet from the DHCP server on your network to your machine, which you are blocking. There is a config option to allow broadcasts and not to log them. HTH. -- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

Seth Arnold

8 Feb 8 Feb

00:01

On Wed, Feb 07, 2007 at 11:36:06PM +0000, riccardo35@gmail.com wrote:

Feb 6 14:38:46 AIG kernel: SFW2-IN-ILL-TARGET IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:6c:3d:e4:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=337 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=317

Source port 68, destination port 67, UDP, from the "I don't yet know my IP address" 0.0.0.0 to the "network local broadcast address" 255.255.255.255 on a vmware network interface -- looks like a client trying to get a DHCP or BOOTP address. :)

Reply

Sign in to reply online Use email software

6288

Age (days ago)

6289

Last active (days ago)

Download

2 comments

3 participants

tags

participants (3)

Joe Morris (NTM)
riccardo35＠gmail.com
Seth Arnold