Hi, this behavor of SuSEfirewall2 is normal if the broadcast is issued from your machine itself. The anti-spoofing-rules complain about EVERYTHING that arrives non your network interface and has your own source IP. If you run software that uses UDP port 520 (RIP) and everything works fine, just ignore the warnings; they are part of normal operation. If you need to receive those packets, add a custom rule to your SuSEfirewall2-custom file (don't forget to activate this file in the main script). Note that you won't notice when anybody on your subnet would send spoofed broadcast packets on UDP port 520 with your IP address. You can also use custom rules to silently drop those packets without being logged. This is useful for packets considered harmless, so only real warnings get logged. Regards, Holger Am Donnerstag, 5. Juni 2003 09:57 schrieb Puth Chan Choth:
Hello all,
I have many ANTI-SPOOFINGs. I spoofed from my public IP to my broadcast and I do not why? Here is the log file that I got: Jun 5 14:49:55 server1 kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=[My Public IP] DST=[My Public Broadcast] LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=32
Does it mean that someone tries to hack me? If it is, how can I protect myself from hacking?
Thank you so much for your assistance.
Best regards, Chan Choth