Thank you for your answer. What I cannot yet understand is why and how this packets are routed to my box. I mean how is it possible that I see packets whose source or destination is not mine? On Monday 17 February 2003 20:33, Jon Hoffman wrote:
On Tuesday 18 February 2003 11:15, adm wrote:
Can someone explain the following firewall trace? I run a Linux box (not in LAN) that is connected to the Internet via PPP. Look at the IP addresses: 195.130.232.21 is not mine! Whose are they? And what kind of address is the 224.0.0.1 (reserved!)? Thank you in advance.
You can do a nslookup on the 195.130.232.21 address to find out who it is (it comes back as f0-0-0.NAS-CT-2.net.tiscali.it) and then go to there web site (tiscali.it) they dicribe themselves as the european internet company so they are probably an ISP of some sort in europe.
The 224.0.0.1 is a reserved address that multicasts to all systems. Mainly used in router discovery.
I am assuming that since it is in your log files you are blocking this traffic so all is good.
Feb 18 16:05:34 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56123 OP (94040000) PROTO=2 Feb 18 16:06:35 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=58787 OP (94040000) PROTO=2 Feb 18 16:07:35 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=61542 OP (94040000) PROTO=2 Feb 18 16:08:35 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=64584 OP (94040000) PROTO=2 Feb 18 16:09:37 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=1934 OPT (94040000) PROTO=2 Feb 18 16:10:37 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=4839 OPT (94040000) PROTO=2 Feb 18 16:10:50 myhost kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=62.135.1.27 DST=62.11.78.46 LEN=78 TOS=0x00 PREC=0x00 TTL=105 ID=2133 PROTO=UDP SPT=1026 DPT=137 LEN=58 Feb 18 16:11:37 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=7692 OPT (94040000) PROTO=2
-- Fabio De Francesco