SuSE-FW-DROP-ANTI-SPOOFING message
I am getting the following message roughly once a minute: Apr 13 13:45:10 telluride kernel: SuSE-FW-DROP-ANTI-SPOOFINGIN=eth1 OUT= MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=76 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 My logs are filling up. I have searched Google and other places, but all I have found are some emails in German which I don't speak. Can anyone help me with this? What is going on and what should I do about it? Thanks!
Hi Bob, when you type this: grep 123 /etc/services then you find out, that 123 is ntp (network time protocol). The packets come from 192.168.0.1 (probably a machine on your lan, my guess would be - windows XP?) and they are sent to 192.168.0.255 - a broadcast. So machine 192.168.0.1 is probably looking for an ntp-Server to talk to. I suppose your Linux-Box is none - if there is a posibility in personal firewall to explicitly drop some packages, then add a rule to do so for ntp-packeges with destination 192.168.0.255. Interesting would be, what your local IP is, that would help finding out, why the anti-spoofing-rule drops these packages. If it is 192.168.0.1, then you have 2 boxes in the lan with the same IP and then you should fix that. Best regards, Ralf Ronneburger Bob Berman wrote:
I am getting the following message roughly once a minute:
Apr 13 13:45:10 telluride kernel: SuSE-FW-DROP-ANTI-SPOOFINGIN=eth1 OUT= MAC= SRC=192.168.0.1 DST=192.168.0.255 LEN=76 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
My logs are filling up. I have searched Google and other places, but all I have found are some emails in German which I don't speak. Can anyone help me with this? What is going on and what should I do about it?
Thanks!
participants (2)
-
Bob Berman
-
Ralf Ronneburger