Subject: IP fw-in deny spam in logs
From: Jason Baker (jbaker CANADAMORTGAGE.COM)
Date: Tue Apr 11 2000 - 19:56:02 CDT
I'm trying to track this down, see if it's actually somebody trying to spoof
the localhost interface remotely, or something else running internally
(bootpc and bootps are both turned off on the server).
Basically, I get this spewed into the logfiles... I'll get a bunch, 8
seconds apart, then nothing for a few minutes, then another clump.
Apr 11 04:04:42 HostnameRemoved kernel: IP fw-in deny eth0 UDP 127.0.0.1:68 255.255.255.255:67 L=276 S=0x00 I=60857 F=0x0000 T=128
I'd assume this is coming from these stock rules in the debian netbase:
# deny incoming packets pretending to be from 127.0.0.1
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null || true
ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null || true
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null
Jason
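
The following is an added example, not part of the original message: a Python parser for the kernel log format quoted above that tags loopback-sourced packets seen on a non-loopback interface and groups hits into bursts like the ones described. The dictionary keys, tag names and 10-second burst gap are this example's own choices, and every sample line except the first is constructed.

```python
import ipaddress
import re
from datetime import datetime

# Layout of the "IP fw-in deny" line quoted in the post; group names are this example's own.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: IP fw-(?P<chain>\w+) (?P<action>\w+) "
    r"(?P<iface>\S+) (?P<proto>\S+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) "
    r"I=(?P<ipid>\d+) F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

def parse(line, year=2000):
    """Return a dict for one 'IP fw-*' line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year
    rec.update({k: int(rec[k]) for k in ("sport", "dport", "length", "ipid", "ttl")})
    return rec

def tags(rec):
    """Describe what the header fields show; this says nothing about who sent the packet."""
    checks = {
        "loopback-source-on-wire": ipaddress.ip_address(rec["src"]).is_loopback and rec["iface"] != "lo",
        "bootp-client-to-server": rec["proto"] == "UDP" and (rec["sport"], rec["dport"]) == (68, 67),
        "limited-broadcast": rec["dst"] == "255.255.255.255",
    }
    return [name for name, hit in checks.items() if hit]

def clumps(records, max_gap=10):
    """Group records into bursts whose neighbours are at most max_gap seconds apart."""
    groups = []
    for rec in sorted(records, key=lambda r: r["when"]):
        if groups and (rec["when"] - groups[-1][-1]["when"]).total_seconds() <= max_gap:
            groups[-1].append(rec)
        else:
            groups.append([rec])
    return groups

# Constructed sample: the first entry reproduces the posted line, the others vary time and IP ID.
TEMPLATE = ("Apr 11 {} HostnameRemoved kernel: IP fw-in deny eth0 UDP 127.0.0.1:68 "
            "255.255.255.255:67 L=276 S=0x00 I={} F=0x0000 T=128")
SAMPLE = [TEMPLATE.format(t, i) for t, i in (("04:04:42", 60857), ("04:04:50", 60858),
          ("04:04:58", 60859), ("04:09:15", 60901), ("04:09:23", 60902))]

for burst in clumps([r for r in map(parse, SAMPLE) if r]):
    print(burst[0]["when"], len(burst), "hits", tags(burst[0]))
```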