|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [suse-security] What is this???
From: mute (datatwirl
gis.net)Date: Fri Oct 13 2000 - 11:53:00 CDT
- Next message: Steven Thompson: "[suse-security] Redirection to a Private network address on a firewall"
- Previous message: MaD dUCK: "Re: [suse-security] What is this???"
- In reply to: Geordon VanTassle: "[suse-security] What is this???"
- Next in thread: Gerhard Sittig: "Re: [suse-security] What is this???"
- Reply: mute: "Re: [suse-security] What is this???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
there is a file /proc/sys/net/ipv4/conf/*interface*/log_martians which is
responsible for logging that packet (1 in it makes it log, 0 doesnt)....
that packet was dropped and logged due to reverse path filtering
(/proc/sys/net/ipv4/conf/*interface*/rp_filter), meaning that that
log_martians file is simply a switch to log packets which will be dropped.
now, im not a big routing buff, so i cannot say much about reverse path
filtering. in my knowledge, it filters out packets which are not supposed to
be on your network, like packets with 192.168.*.* source adresses, and
such... my knowledge on the subject is quite shaky however... im reading
right now http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO-12.html and it
describes reversse path filtering. so i suggest you read that too : )
----- Original Message -----
From: Geordon VanTassle <adminthecoventree.com>
To: <suse-securitysuse.com>; <suse-linux-esuse.com>
Sent: Friday, October 13, 2000 11:30 AM
Subject: [suse-security] What is this???
-----BEGIN PGP SIGNED MESSAGE-----
I'm hoping that someone can tell me what these log entries from my
firewall are saying. I'm using a stock SuSE kernel and running a
hardened IPCHAINS script. I've never seen entries like this before
upgrading to SuSE 7.0 Pro. IS something new running? (someone I know
mentioned Ipv6 as a possible culprit...
Thanks,
Geordon
Oct 12 22:44:05 moat kernel: martian source 8e3ffea9 for fffffea9, dev
eth1
Oct 12 22:44:05 moat kernel: ll header: ff ff ff ff ff ff 00 10 a4 aa da
e2 08 00
Oct 12 22:44:05 moat kernel: Packet log: input REJECT eth1 PROTO=17
169.254.63.142:137 169.254.255.255:137 L=96 S=0x00 I=11008 F=0x0000 T=128
(#69)
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its
affiliated companies.
iQCVAwUBOecqjQxZtdy6rIb1AQHD1gP/Sspvs6NcbG9UwBagxJdqYUKhdyR/IuLD
8SFTI8AfNPsAdfjnzNVExp9zvaAMlSZYtukNH76CbAx04bihYie78DsgRC/JpoEd
fokv2I+qTy9wh8AIggeSQYPS1qybbe8ZTkzg/ksYh3lmw6xgEsE70Qr5zEJdkArF
w4gyug3DaVM=
=uxWG
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
- Next message: Steven Thompson: "[suse-security] Redirection to a Private network address on a firewall"
- Previous message: MaD dUCK: "Re: [suse-security] What is this???"
- In reply to: Geordon VanTassle: "[suse-security] What is this???"
- Next in thread: Gerhard Sittig: "Re: [suse-security] What is this???"
- Reply: mute: "Re: [suse-security] What is this???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]