continuous firewall hits to port 62827 ??

Post by c.s. » Mon, 24 Jun 2002 07:31:47



Hi,

I'm running the "Firestarter" firewall on Mandrake 8.2, and once
Firestarter is running I get hits on port 62827 EVERY SECOND!

The following message also fills up dmesg:

IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:47:d6:f5:e0:08:00
SRC=24.50.40.88 DST=255.255.255.255 LEN=72 TOS=0x00 PREC=0x00
TTL=128 ID=24666 PROTO=UDP SPT=1026 DPT=62827 LEN=52

Does anybody know what this means?

Help,
--chris

 
 
 

Post by Jack S. La » Mon, 24 Jun 2002 07:43:57


c.s.h. did go forth and write:

> Hi,

> I'm running the "Firestarter" firewall on Mandrake 8.2, and once
> Firestarter is running I get hits on port 62827 EVERY SECOND!

> The following message also fills up dmesg:

> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:47:d6:f5:e0:08:00
> SRC=24.50.40.88 DST=255.255.255.255 LEN=72 TOS=0x00 PREC=0x00
> TTL=128 ID=24666 PROTO=UDP SPT=1026 DPT=62827 LEN=52

> Does anybody know what this means?

> Help,
> --chris

I can't remember what it means, but in rc.local I have:
iptables -t nat -A PREROUTING -i eth0 -d 255.255.255.255 -j DROP
to stop messages like that one:)
--
Jack S. Lai - Senior Systems Analyst
http://www.datagraphinc.com
remove -kapu- from email - public key avail above
(Running Slackware 8.1)
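
Added example, not part of the original thread: Python code that parses the netfilter LOG entry quoted above and labels the packet by how it was addressed. The function names are hypothetical; the only input is the log line from the first post.

```python
import re
from collections import Counter

# Log entry quoted in the thread, joined onto one line as the kernel emits it.
SAMPLE = (
    "IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:47:d6:f5:e0:08:00 "
    "SRC=24.50.40.88 DST=255.255.255.255 LEN=72 TOS=0x00 PREC=0x00 "
    "TTL=128 ID=24666 PROTO=UDP SPT=1026 DPT=62827 LEN=52"
)
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Turn one netfilter LOG line into a dict of its KEY=value fields."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP length
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:  # Ethernet header: 6 dst + 6 src + 2 EtherType bytes
        fields["MAC_DST"] = ":".join(mac[:6])
        fields["MAC_SRC"] = ":".join(mac[6:12])
        fields["ETHERTYPE"] = "".join(mac[12:])
    return fields


def classify(fields):
    """Label a packet by how it was addressed, not by who sent it."""
    l2_bcast = fields.get("MAC_DST") == "ff:ff:ff:ff:ff:ff"
    l3_bcast = fields.get("DST") == "255.255.255.255"
    if l2_bcast:
        return "limited-broadcast" if l3_bcast else "link-broadcast"
    return "unicast-or-multicast"


def summarize(lines):
    """Count entries per (class, SRC, PROTO, DPT) so repeats collapse."""
    counts = Counter()
    for line in lines:
        f = parse_log_line(line)
        if "SRC" not in f:
            continue  # not a packet log line
        counts[(classify(f), f["SRC"], f.get("PROTO"), f.get("DPT"))] += 1
    return counts


if __name__ == "__main__":
    print(summarize([SAMPLE] * 3))
```

A `limited-broadcast` result means the frame was sent to every host on the segment rather than to this machine's address, which is the traffic the `-d 255.255.255.255` rule above matches.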

 
 
 

1. Continuous hits on Masq'ing firewall with AT&T @Home

I strongly suspect that this problem is caused by my setup and not a
human attacker, however this seems to be the closest-to-correct place
to post.

I have my Linux box configured as a masquerading firewall.  There are
two other computers running on an ethernet over eth1; the cable modem
is addressed via eth0.  The problem is, /var/log/messages is filling
with denied packets.  (Sample below.)

These messages do not stop, even if I disconnect the masq server from
the rest of the internal network.  They do stop if I disconnect from
the cable modem.

There are a couple of really odd things about these: none of the IP
addresses coincide with anything I've got.  I am using the 192.168.0.x
net locally, and my external IP is 24.10.137.22 (subnet mask
255.255.254.0, as per AT&T's instructions).  As far as I can tell, none
of these packets should be coming anywhere near my machine.

Anyway, help would be greatly appreciated.

----from /var/log/messages----
Nov 29 20:30:10 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.13.154.46:1561 24.13.159.255:39213 L=140 S=0x00 I=20720
F=0x0000 T=128 (#5)
Nov 29 20:30:10 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.6.224.72:520 24.6.227.255:520 L=72 S=0x00 I=37060 F=0x0000
T=128 (#5)
Nov 29 20:30:10 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.8.17.152:1025 24.8.17.255:138 L=220 S=0x00 I=16033 F=0x0000
T=64 (#5)
Nov 29 20:30:11 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.1.10.193:1024 24.1.15.255:138 L=248 S=0x00 I=46409 F=0x0000
T=128 (#5)
Nov 29 20:30:11 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.8.17.154:138 24.8.17.255:138 L=219 S=0x00 I=41291 F=0x0000
T=128 (#5)
Nov 29 20:30:11 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.8.17.23:138 24.8.17.255:138 L=219 S=0x00 I=6875 F=0x0000
T=32 (#5)
Nov 29 20:30:11 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.1.15.234:1024 24.1.15.255:138 L=239 S=0x00 I=57433 F=0x0000
T=128 (#5)
Nov 29 20:30:11 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.1.12.242:1024 24.1.15.255:138 L=246 S=0x00 I=12239 F=0x0000
T=128 (#5)
Nov 29 20:30:11 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.1.12.148:1025 24.1.15.255:138 L=235 S=0x00 I=48390 F=0x0000
T=128 (#5)
Nov 29 20:30:11 aluminum-metal kernel: Packet log: input DENY eth0
PROTO=17 24.6.228.154:137 24.6.229.255:137 L=96 S=0x00 I=4608 F=0x0000
T=128 (#5)

--
                                Ben Olmstead/BEM
