Hi,

My setup is:

small adsl---> router ---lan----> PC with (10.3) firewall
               192.168.1.1        192.168.1.12

I see these repeated messages on my 10.3 system:

Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39491 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2525 DPT=53 LEN=42 ]

Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39492 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2528 DPT=53 LEN=42 ]

Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39493 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2529 DPT=53 LEN=42 ]

Jan 15 14:16:55 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=98 TOS=0x00 PREC=0xC0 TTL=255 ID=39500 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=62240 DF PROTO=UDP SPT=2533 DPT=53 LEN=50 ]

Jan 16 11:19:18 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=20624 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41759 DF PROTO=UDP SPT=2696 DPT=53 LEN=40 ]

Jan 16 14:07:48 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=1746 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=44799 DF PROTO=UDP SPT=2737 DPT=53 LEN=40 ]

Jan 17 11:11:12 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=123 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=3073 DPT=162 LEN=103

Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]

They started on Nov 4 (the day after I installed 10.3), and there is a total of 112 entries.

My first idea was that my router (192.168.1.1) was doing a DNS query to my linux machine (192.168.1.12), which is weird as the router uses a remote dns server as defined by my ISP. The linux machine does have a local dns server as cache and server.

But then I noticed this part:

PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107....

The dest part in brackets is always the same, and it is a dns server (ns1.isi.edu).

I don't know how to decipher this... what is it all about?

--
Cheers,
Carlos Robinson
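As an added example (not part of the original post): a small Python parser for the kernel log lines quoted above. It separates the fields of the logged packet from the bracketed header of the original packet that an ICMP error quotes, and names the ICMP type 3 code. The function names are illustrative assumptions; the two sample entries are copied from the post.

```python
# Added example; helper names are illustrative and not from the original post.
import re
from collections import Counter

# ICMP type 3 (Destination Unreachable) codes 0-5 as named in RFC 792.
UNREACH = {0: "net unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           4: "fragmentation needed and DF set", 5: "source route failed"}
KV = re.compile(r"(\w+)=(\S*)")    # KEY=value tokens; bare flags (DF) are skipped
QUOTED = re.compile(r"\[(.*?)\]")  # header of the packet an ICMP error quotes

def parse_line(line):
    """Return (outer, inner) field dicts; inner is None without a bracketed
    packet. A repeated key such as LEN keeps its last value."""
    m = QUOTED.search(line)
    outer = dict(KV.findall(line[:m.start()] if m else line))
    inner = dict(KV.findall(m.group(1))) if m else None
    return outer, inner

def explain(line):
    """One-line reading of a dropped-packet log entry."""
    outer, inner = parse_line(line)
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3" and inner:
        code = int(outer["CODE"])
        return "{} reports '{}' for {} {}:{} -> {}:{}".format(
            outer["SRC"], UNREACH.get(code, "code %d" % code), inner["PROTO"],
            inner["SRC"], inner.get("SPT"), inner["DST"], inner.get("DPT"))
    return "{} {}:{} -> {}:{}".format(outer.get("PROTO"), outer.get("SRC"),
        outer.get("SPT"), outer.get("DST"), outer.get("DPT"))

def quoted_destinations(lines):
    """Count entries per (DST, DPT) of the quoted original packet."""
    quoted = (parse_line(entry)[1] for entry in lines)
    return Counter((q.get("DST"), q.get("DPT")) for q in quoted if q)

# Two entries copied from the post above.
PREFIX = ("nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= "
          "MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 "
          "SRC=192.168.1.1 DST=192.168.1.12 ")
SAMPLE = [
    "Jan 15 14:16:52 " + PREFIX + "LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39491 "
    "PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2525 DPT=53 LEN=42 ]",
    "Jan 17 11:11:12 " + PREFIX + "LEN=123 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
    "PROTO=UDP SPT=3073 DPT=162 LEN=103",
]

if __name__ == "__main__":
    print(*map(explain, SAMPLE), quoted_destinations(SAMPLE), sep="\n")
```

Read this way, the first entry is an ICMP destination-unreachable message sent by 192.168.1.1 about a UDP packet that 192.168.1.12 itself sent to 128.9.0.107 port 53; the second entry has no quoted packet and is a plain UDP datagram to port 162.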