Re: [SLE] Strange firewall logs.

18 Feb 2003


      Thank you for your answer. What I cannot yet understand is why and how this 
packets are routed to my box. I mean how is it possible that I see packets 
whose source or destination is not mine?

On Monday 17 February 2003 20:33, Jon Hoffman wrote:
...
On Tuesday 18 February 2003 11:15, adm wrote:
...
Can someone explain the following firewall trace? I run a Linux box (not
in LAN) that is connected to the Internet via PPP. Look at the IP
addresses: 195.130.232.21 is not mine! Whose are they? And what kind of
address is the 224.0.0.1 (reserved!)? Thank you in advance.
You can do a nslookup on the 195.130.232.21 address to find out who it is
(it comes back as f0-0-0.NAS-CT-2.net.tiscali.it)  and then go to there web
site (tiscali.it) they dicribe themselves as the european internet company
so they are probably an ISP of some sort in europe.
The 224.0.0.1 is a reserved address that multicasts to all systems.  Mainly
used in router discovery.
I am assuming that since it is in your log files you are blocking this
traffic so all is good.
...
Feb 18 16:05:34 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC=
SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56123
OP (94040000) PROTO=2
Feb 18 16:06:35 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC=
SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=58787
OP (94040000) PROTO=2
Feb 18 16:07:35 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC=
SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=61542
OP (94040000) PROTO=2
Feb 18 16:08:35 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC=
SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=64584
OP (94040000) PROTO=2
Feb 18 16:09:37 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC=
SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=1934
OPT (94040000) PROTO=2
Feb 18 16:10:37 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC=
SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=4839
OPT (94040000) PROTO=2
Feb 18 16:10:50 myhost kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
SRC=62.135.1.27 DST=62.11.78.46 LEN=78 TOS=0x00 PREC=0x00 TTL=105 ID=2133
PROTO=UDP SPT=1026 DPT=137 LEN=58
Feb 18 16:11:37 myhost kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC=
SRC=195.130.232.21 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=7692
OPT (94040000) PROTO=2
-- 


Fabio De Francesco