Hi,

On Wed, 8 Nov 2006 18:36:09 +0100 Anders Johansson <.> wrote:
Oct 12 21:53:40 moorczy kernel: SuSE-FW-DROP-ICMP-CRIT IN=ppp0 SRC=210.6.34.56 DST=145.236.115.203 LEN=56 TOS=0x00 PREC=0x00 TTL=42 ID=15399 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=210.6.33.94 [ SRC=145.236.115.203 DST=210.6.33.94 LEN=46 TOS=0x00 PREC=0x00 TTL=40 ID=63342 DF PROTO=UDP SPT=1029 DPT=23792 LEN=26 ]
This is an ICMP redirect, telling you that if you want to get to 210.6.33.94, you need to use 210.6.33.94 as a gateway. It doesn't look like an attack (hint: not everything dropped by your firewall is an 'attack') as much as a misconfigured router (specifically the one with IP 210.6.34.56).
Yes, thank you; in fact that is why I asked, because I couldn't decide for sure if it's a real attack or not! Needless to say that this host in Hong Kong was very likely never visited by me or my family. Probably a random try, or it was supposed to come against the comp previously using "our" dynamic IP.
Oct 13 13:26:52 moorczy kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=192.168.1.10 DST=145.236.212.120 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=15580 DF PROTO=TCP SPT=1270 DPT=139 WINDOWS=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
This is a standard Win98 style NETBIOS network browse.
Hmmm. I don't think that a Linux-only small network, hanging on a freenet provider would be normally contacted from outside with 192.168.1.x-type internal IP address. But the fact is that there every 20 seconds a kiddie or alike is knocking.

Regards,
Pelibali
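A small triage script for the two log lines discussed in this thread, as an added example that is not part of the original messages: it separates the outer packet from the packet quoted in brackets, names the ICMP redirect, and flags a private source address arriving on the external interface. The function names, the finding tags and the choice of ppp0 as the external interface are assumptions made for illustration.

```python
import ipaddress
import re

# The two kernel log lines quoted in the message above, copied as posted.
LINES = [
    "Oct 12 21:53:40 moorczy kernel: SuSE-FW-DROP-ICMP-CRIT IN=ppp0 SRC=210.6.34.56 DST=145.236.115.203 LEN=56 TOS=0x00 PREC=0x00 TTL=42 ID=15399 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=210.6.33.94 [ SRC=145.236.115.203 DST=210.6.33.94 LEN=46 TOS=0x00 PREC=0x00 TTL=40 ID=63342 DF PROTO=UDP SPT=1029 DPT=23792 LEN=26 ]",
    "Oct 13 13:26:52 moorczy kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=192.168.1.10 DST=145.236.212.120 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=15580 DF PROTO=TCP SPT=1270 DPT=139 WINDOWS=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)",
]

KV = re.compile(r"(\w+)=(\S*)")    # KEY=value pairs; bare flags (DF, SYN) are skipped
QUOTED = re.compile(r"\[(.*?)\]")  # packet quoted inside an ICMP message
REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS+network", 3: "TOS+host"}  # RFC 792
NETBIOS_PORTS = {"137", "138", "139"}

def parse(line):
    """Return (outer, quoted) field dicts for one netfilter LOG line."""
    m = QUOTED.search(line)
    quoted = dict(KV.findall(m.group(1))) if m else {}
    # Strip the bracketed part first so its SRC/DST/PROTO do not overwrite the outer ones.
    return dict(KV.findall(QUOTED.sub("", line))), quoted

def triage(line, external=("ppp0",)):
    """Return a list of (tag, detail) findings for one dropped packet."""
    outer, quoted = parse(line)
    findings = []
    src = ipaddress.ip_address(outer["SRC"])
    if outer.get("IN") in external and src.is_private:
        findings.append(("private-src-on-wan", f"{src} is not routable on the public Internet"))
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "5":
        kind = REDIRECT_CODES.get(int(outer["CODE"]), "unknown")
        findings.append(("icmp-redirect",
                         f"{kind} redirect from {src}: reach {quoted.get('DST')} via {outer.get('GATEWAY')}"))
        # A redirect quotes the packet that triggered it, so the quoted source
        # is expected to be the address the redirect was delivered to.
        if quoted.get("SRC") != outer["DST"]:
            findings.append(("redirect-quote-mismatch", "quoted packet does not carry our address as source"))
    if outer.get("PROTO") == "TCP" and outer.get("DPT") in NETBIOS_PORTS:
        findings.append(("netbios-probe", f"TCP to NetBIOS port {outer['DPT']}"))
    return findings

if __name__ == "__main__":
    for line in LINES:
        for tag, detail in triage(line):
            print(tag, "-", detail)
```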