Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] firewall log entries
  • From: Robert Rottscholl <lv426@xxxxxxxxxxxxxxx>
  • Date: Sun, 02 Dec 2001 22:43:42 +0100
  • Message-id: <3C0AA08E.6000206@xxxxxxxxxxxxxxx>


SoulPatrol wrote:

> Hello Robert,
>
> On Saturday, December 01, 2001, 6:23:38 PM, you wrote:
>
>>michael.ryan@xxxxxxxx wrote:
>>
>>>I just noticed the following entries in my firewall log:
>>>
>>>Nov 23 19:44:11 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=16126 F=0x0000 T=246 SYN (#3)
>>>Nov 23 19:47:21 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=28824 F=0x0000 T=246 SYN (#3)
>>>Nov 23 19:47:58 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=9754 F=0x0000 T=246 SYN (#3)
>>>Nov 23 19:51:35 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=38173 F=0x0000 T=246 SYN (#3)
>>>
>>>eth0 is the external i/f ... does this indicate ssh connection attempts
>>>with spoofed IP source addresses?
>>>(I do have a machine on reserved IP address 192.168.1.4 but it can only
>>>establish connections to the firewall via eth1)
>>>
>>>TIA
>>>Michael
>>>
>>>
>>>
>>>
>>Hi Michael,
>>
>
>
>>you should enable ROUTE VERIFICATION
>>---snap----
>>
>
>>echo "1" > /proc/sys/net/ipv4/conf/<device>/rp_filter

^
|
|

What's that good for? See "http://www.netcologne.de/~meberg/netfilter/Packet-Filtering-HOWTO.txt"; near the end you find the description.

Ciao ;-) Robert


>
>>--end of snap--
>>
>
>>Ciao ;-)
>>
>
>>Robert Rottscholl - DE
>>
>
>
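
A detection sketch for the situation in this thread, added as an example and not part of the original mails: it parses ipchains "Packet log" lines and reports packets that arrived on the external interface with a private (RFC 1918) or loopback source address. The function names, the `eth0` default and the sample lines (with 203.0.113.10 standing in for the redacted a.b.c.d) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Sources that should never show up on an Internet-facing interface.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# ipchains log line: chain, rule target, interface, protocol number,
# source ip:port, destination ip:port, L=/S=/I=/F=/T= fields, optional SYN, rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)")

def parse_packet_log(line):
    """Return the fields of one ipchains log line as a dict, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["syn"] = rec["syn"] is not None
    return rec

def find_spoofed(lines, external_ifaces=("eth0",)):
    """Return parsed records seen on an external interface with a bogon source address."""
    hits = []
    for line in lines:
        rec = parse_packet_log(line)
        if rec is None or rec["iface"] not in external_ifaces:
            continue
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:          # malformed address in the log line
            continue
        if any(src in net for net in BOGON_SOURCES):
            hits.append(rec)
    return hits

# Constructed sample input: one line modelled on the thread, three controls.
SAMPLE_LOG = [
    "Nov 23 19:44:11 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 203.0.113.10:22 L=40 S=0x00 I=16126 F=0x0000 T=246 SYN (#3)",
    "Nov 23 19:45:02 kore kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4312 203.0.113.10:22 L=60 S=0x00 I=4021 F=0x4000 T=52 SYN (#3)",
    "Nov 23 19:45:40 kore kernel: Packet log: input DENY eth1 PROTO=6 192.168.1.4:1033 192.168.1.1:23 L=60 S=0x00 I=771 F=0x4000 T=64 SYN (#5)",
    "Nov 23 19:46:00 kore sshd[411]: Connection closed",
]

if __name__ == "__main__":
    for rec in find_spoofed(SAMPLE_LOG):
        print(f"{rec['iface']}: source {rec['src']} -> {rec['dst']}:{rec['dport']} (rule #{rec['rule']})")
```
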



