Hi!

The actual situation is that our host is hosted at an ISP.
IP address aaa.aaa.aaa.aaa is a t-online dial-in address (I want to say it's NOT in our subnet).
bbb.bbb.bbb.bbb seems to be a machine which is also hosted at the same ISP as we are (and in the same subnet).

So you think it's a misconfiguration of the provider's router?

bye
Christian

P.S.: aaa.aaa.aaa.aaa stopped sending packets now! :-)

-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: Tuesday, 13 March 2001 15:59
To: Christian Bohn
Cc: Suse security
Subject: Re: [suse-security] Ipchains log messages

Hi!
My ipchains is producing the following output in the logfiles:
Mar 13 15:35:32 clint kernel: Packet log: input DENY eth0 PROTO=1 aaa.aaa.aaa.aaa:8 bbb.bbb.bbb.bbb:0 L=84 S=0x00 I=11654 F=0x0000 T=57 (#792)
I wonder why I get these messages, because the IP address bbb.bbb.bbb.bbb is none of mine! (but it's in the same subnet)
It's very annoying because host aaa.aaa.aaa.aaa has been sending ICMPs to bbb.bbb.bbb.bbb for several hours now, and my logfile is growing quite big...
If aaa.aaa.aaa.aaa is from your subnet, then it is likely that it's trying to use your machine as a default router. Which you should turn off by either turning the machine off and beating the responsible person, by _allowing_ it to route and seeing what happens, or by just inserting a rule into the input chain that looks like this:

    ipchains -I input -i eth0 -s aaa.aaa.aaa.aaa -j REJECT

I feel that the first alternative (with a finer granularity of the treatment of the person) is the most efficient solution.

If aaa isn't in your subnet, complain to your provider.
bye
Christian
Greetings from Nürnberg,
Roman.
--
- -
| Roman Drahtmüller
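
Added example, not part of the original thread: a Python sketch that decodes ipchains `Packet log:` lines like the one quoted above (for PROTO=1 the two "port" slots hold the ICMP type and code, so `:8` / `:0` is an echo request) and counts packets whose destination is not one of this host's own addresses. The sample lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Field layout of a Linux 2.2 ipchains "Packet log:" kernel line.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=(?P<ttl>\d+)"
    r".*?(?: \(#(?P<rule>\d+)\))?\s*$"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 5: "redirect", 8: "echo-request", 11: "time-exceeded"}

def parse_line(line):
    """Return a dict of decoded fields, or None if this is not a packet log line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = {k: m.group(k) for k in ("chain", "action", "iface", "src", "dst")}
    proto = int(m.group("proto"))
    rec["proto"] = PROTO_NAMES.get(proto, str(proto))
    rec["length"], rec["ttl"] = int(m.group("length")), int(m.group("ttl"))
    rec["rule"] = int(m.group("rule")) if m.group("rule") else None
    a, b = int(m.group("sport")), int(m.group("dport"))
    if proto == 1:
        # For ICMP the source "port" is the ICMP type, the destination "port" the code.
        rec["icmp_type"], rec["icmp_code"] = ICMP_TYPES.get(a, str(a)), b
    else:
        rec["sport"], rec["dport"] = a, b
    return rec

def foreign_destinations(lines, local_addrs):
    """Count (src, dst) pairs whose destination is not one of this host's addresses."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dst"] not in local_addrs:
            hits[(rec["src"], rec["dst"])] += 1
    return hits

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE = [
    "Mar 13 15:35:32 clint kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.7:8 192.0.2.20:0 L=84 S=0x00 I=11654 F=0x0000 T=57 (#792)",
    "Mar 13 15:35:33 clint kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.7:8 192.0.2.20:0 L=84 S=0x00 I=11655 F=0x0000 T=57 (#792)",
    "Mar 13 15:35:40 clint kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.5:53 192.0.2.10:1025 L=34 S=0x00 I=18 F=0x0000 T=254 (#3)",
]

if __name__ == "__main__":
    for (src, dst), n in foreign_destinations(SAMPLE, {"192.0.2.10"}).most_common():
        print(f"{n} packets {src} -> {dst} (not addressed to this host)")
```

Here `192.0.2.10` stands in for the logging host's own address; a steady count for one foreign source and destination pair is the pattern described in the thread.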