RE: [suse-security] Firewall Logging (no CodeRed :-)
-----Original Message-----
From: Thomas Nowak [mailto:thomas.nowak@vr-fabrik.de]
Sent: Friday, 10 August 2001 13:05
Cc: suse-security@suse.com
Subject: Re: [suse-security] Firewall Logging (no CodeRed :-)
Scharpff@tembit.de wrote:
Mostly I'm surprised to find log entries which do not belong to the subnet for this NIC. I know that with special settings I can read virtually ALL the network traffic coming along the NIC, but the kernel should normally only "see" valid packets from within the subnet the NIC is assigned to ...
No, the NIC looks for packets where the destination address is its own or the broadcast address (in "normal" operation mode). Because no packets should arrive with a source address of the internal network on the external device and vice versa, there are rules which block such packets. So this is what you see in your log. So the question is: how does the packet come to be in the wrong subnet? Maybe a misconfiguration of a computer or a notebook in the wrong subnet?
No, this all runs on one hub (just for testing!!). But this means that the NIC hands ALL packets to the kernel, and according to the rules they are dropped or forwarded or whatever. I thought that the NIC directly "ignores" these packets. So, no wonder that this is denied at eth0.
And also I'm wondering why the logging works although I set it to "no".
Btw, does anyone know where to see what the "critical" events are?
These are good questions :-)
So, only a good answer is missing :-)
Franziskus
Scharpff@tembit.de wrote:
No, this all runs on one hub (just for testing!!). But this means that the NIC hands ALL packets to the kernel, and according to the rules they are dropped or forwarded or whatever. I thought that the NIC directly "ignores" these packets. So, no wonder that this is denied at eth0.
OK, I see the problem now. What does ifconfig -a say?
Bye
Thomas