hi roman, but what about the internal-ip-range 192.168.0.x coming on my outbound-if?! shouldn't this ip has been masqueraded?! i thought about a specific ip-spoofing attack. bye, daniel Roman Drahtmueller schrieb:
hi list,
got this message some minutes ago
May 2 12:25:55 server kernel: Packet log: input DENY eth0 PROTO=1 192.168.0.2:3 this.is.my.ip:1 L=88 S=0x00 I=52687 F=0x000 0 T=243
This is a filtered icmp, subtype host-unreachable.
I doubt that it is a brilliant idea to filter these since you have to run into timeouts of connect() without them.
where eth0 is the outbound-interface which is protected by ipchains from ip-spoofing. some kind of attack?!
any ideas are appreciated...;-) many thanks in advance, bye,
daniel
Roman.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com