Re: [opensuse-security] A curious firewall message I don't understand.
Is the source MAC address a host on that network segment or is it the IP address of your router? Describe your network setup in a little more detail and maybe I can help with other ideas to figure this out.

Wil

------------
Wilson Mattos
Technology Specialist
wmattos@novell.com
949-212-2805
Novell, Inc.

"Carlos E. R." <robin.listas@telefonica.net> 01/17/08 12:28 PM >>>
The Thursday 2008-01-17 at 13:01 -0700, Wilson Mattos wrote:

> Is the external address of your host "128.9.0.107."

Certainly not. My IP is dynamic and never in that range; but that IP is the same in all the messages, since November.

> If so, there is a host somewhere on the Internet that has this IP address configured as their DNS server.

Yes, ns1.isi.edu, I said so.

> Probably a typo.

By whom?

-- 
Cheers,
       Carlos E. R.

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
The Thursday 2008-01-17 at 14:28 -0700, Wilson Mattos wrote:

> Is the source MAC address a host on that network segment or is it the IP address of your router? Describe your network setup in a little more detail and maybe I can help with other ideas to figure this out.
That mac must be the one from the router:

nimrodel:~ # arp
Address                  HWtype  HWaddress           Flags Mask            Iface
router                   ether   00:30:DA:70:D7:EA   C                     eth0

No, it is not... hold on.

log entry:

Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]

The "MAC=..." corresponds to a composition of source mac + destination mac + unknown. Weird! See:

MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00
    suse mac         | router mac      | ??
                     |                 |

My network is very simple:

            small
adsl--->    router ---lan--+-----> PC
            with           |       (suse 10.3)
            firewall       |       with SuSEfirewall
            192.168.1.1    |       192.168.1.12
    mac: 00:30:DA:70:D7:EA |       mac: 00:40:F4:2E:B1:21
                           |
                           +----> 7.3 PC (off)
                           |
                           +----> TV gadget (disconnected)
                           |
                           +----> free (disconnected currently)

And the wifi part of the adsl-router is off, too (it is a linux 2.4 embedded machine)

-- 
Cheers,
       Carlos E. R.
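Added example, not part of the original thread: a Python sketch that takes apart the log entry quoted above. It relies on the Linux netfilter LOG format, in which MAC= is the raw Ethernet header (6 bytes destination address, 6 bytes source address, 2 bytes EtherType) and the bracketed part is the header of the original packet that an ICMP error carries back; the function names are made up for this illustration.

```python
import re

LOG_LINE = (
    "Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= "
    "MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 "
    "DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP "
    "TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]"
)
ETHERTYPES = {"0800": "IPv4", "0806": "ARP", "86dd": "IPv6"}
# ICMP type 3 (destination unreachable) codes from RFC 792 and RFC 1812.
UNREACH = {0: "network unreachable", 1: "host unreachable",
           3: "port unreachable", 13: "administratively prohibited"}

def fields(text):
    """KEY=VALUE tokens as a dict. The first occurrence wins, so LEN is the
    IP length and not the later UDP LEN; bare flags such as DF are skipped."""
    out = {}
    for key, value in re.findall(r"(\w+)=(\S*)", text):
        out.setdefault(key, value)
    return out

def split_mac(mac_field):
    """Logged Ethernet header: 6 bytes destination, 6 source, 2 EtherType."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("not a 14-byte Ethernet header: %r" % mac_field)
    ethertype = "".join(octets[12:])
    return {"dst": ":".join(octets[:6]), "src": ":".join(octets[6:12]),
            "ethertype": ETHERTYPES.get(ethertype, "0x" + ethertype)}

def parse(line):
    """Return the outer packet, its Ethernet header and any embedded packet."""
    outer_text, _, inner_text = line.partition("[")
    outer = fields(outer_text)
    result = {"outer": outer, "eth": None, "inner": None, "reason": None}
    if outer.get("MAC"):  # empty or absent when no link-layer header was logged
        result["eth"] = split_mac(outer["MAC"])
    if inner_text:  # an ICMP error quotes the header of the offending packet
        result["inner"] = fields(inner_text)
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3" and "CODE" in outer:
        code = outer["CODE"]
        result["reason"] = UNREACH.get(int(code), "code " + code)
    return result

if __name__ == "__main__":
    p = parse(LOG_LINE)
    print("ICMP error from %s: %s" % (p["outer"]["SRC"], p["reason"]))
    print("offending packet: %(SRC)s:%(SPT)s -> %(DST)s:%(DPT)s/%(PROTO)s" % p["inner"])
```

Read this way, the trailing 08:00 is the EtherType for IPv4, and the dropped packet is the router's ICMP "network unreachable" reply to a DNS query sent from 192.168.1.12 to 128.9.0.107.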