Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Re: ICMP
  • From: "john" <johnvd@xxxxxxxxx>
  • Date: Sat, 29 Dec 2001 11:57:20 +0100
  • Message-id: <000901c19057$96dffa20$9600000a@xxxxxxxxx>
Hi Johannes,

I must admit that both these IP's are not in my network, I've got two NIC's,
one with 192.168.0.50(LAN)
and one with 10.0.0.150(ADSL) Then I have pptp over ppp0.(zwiffelzwaffel)
And of course 127.0.0.1.

I have these MASQ rules set :

Chain forward (policy DENY):
num target prot opt source destination
ports
1 MASQ all ------ 192.168.0.0/24 10.0.0.138 n/a
2 MASQ all ------ 192.168.0.0/24 0.0.0.0/0 n/a
3 DENY all ----l- 0.0.0.0/0 0.0.0.0/0 n/a

Thanks,
JohnvD.

----- Original Message -----
From: Johannes Marloth <johannes.marloth@xxxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Saturday, December 29, 2001 8:30 AM
Subject: [suse-security] Re: ICMP


> Hi JohnvD and all other,
>
> > kernel: IP_MASQ:reverse ICMP: failed checksum from 195.64.6.130!
>
> I'd like to know if 195.64.6.130 is your IP? Surely?!
>
> > Dec 28 00:10:33 zwiffelzwaffel kernel: IP_MASQ:reverse ICMP: failed
> checksum from 213.7.32.37!
>
> It seems that your masquerading fails for 213.7.32.37. Another point
> can be the masquerading and/or forwarding set (misconfigured?). Maybe
> also an attack is possible....
> But if I read:
>
> > Dec 28 12:17:51 zwiffelzwaffel kernel: eth1: Setting Rx mode to 1
> addresses.
>
> Two years ago (something around this :) i got the same message and
> after five days the nic 'died'....
>
> Perhaps try to deactivate all unnecessary masquerading modules &
> rules. If you have another netcard, maybe the replacement works...
>
> Hope you get it solved,
> Johannes
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
References