icmp exploit?

Post by David Efflan » Wed, 08 Aug 2001 22:19:50



Aug  7 07:38:49 compaq kernel: Packet log: input DENY ppp0 PROTO=1
142.163.65.96:8 199.245.227.117:0 L=36 S=0x00 I=42478 F=0x0000 T=110 (#87)

Just curious what this was an attempt to do (PROTO 1 is ICMP)?  The remote
IP resolves to 96warp65.newtel.com which has nothing to do with me or my
ISP.  I have been tail -f'g my logs to watch all the Code Red dummies, but
this is something different.

--
David Efflandt  (Reply-To is valid)  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

 
 
 

Post by David K. Mean » Thu, 09 Aug 2001 06:46:20


I seem to recall tracking this one down some time ago, and found that F5
Networks BIG-IP boxes emit these cretinous packets for their own purposes;
I was never very clear on what they thought they were doing, and their
website doesn't give out much. But I think you are well within bounds to
dump them unceremoniously on the floor.


> Aug  7 07:38:49 compaq kernel: Packet log: input DENY ppp0 PROTO=1
> 142.163.65.96:8 199.245.227.117:0 L=36 S=0x00 I=42478 F=0x0000 T=110 (#87)

> Just curious what this was an attempt to do (PROTO 1 is ICMP)?  The remote
> IP resolves to 96warp65.newtel.com which has nothing to do with me or my
> ISP.  I have been tail -f'g my logs to watch all the Code Red dummies, but
> this is something different.

> --
> David Efflandt  (Reply-To is valid)  http://www.de-srv.com/
> http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
> http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/


 
 
 

Post by Lew Pitche » Fri, 10 Aug 2001 09:44:29



> Aug  7 07:38:49 compaq kernel: Packet log: input DENY ppp0 PROTO=1
> 142.163.65.96:8 199.245.227.117:0 L=36 S=0x00 I=42478 F=0x0000 T=110 (#87)

> Just curious what this was an attempt to do (PROTO 1 is ICMP)?  

Well, the keys are
  Proto=1  (ICMP)
  :8       (ICMP Type 8 = Echo Request)
  :0       (ICMP code 0)

It looks like someone was pinging you.

--
Lew Pitcher

Master Codewright and JOAT-in-training
Registered Linux User #112576
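
Added example, not part of the original thread: a small Python decoder for ipchains "Packet log" lines that applies the reading given above, treating the two `:N` fields as ICMP type and code when PROTO=1 and as ports otherwise. The function name, the lookup tables and the second (TCP) log line are constructed for illustration; the first sample is the line from the post, joined onto one line.

```python
import re

# Field layout of an ipchains "Packet log" entry. For PROTO=1 the two ":N"
# fields carry the ICMP type (source side) and ICMP code (destination side).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable",
              8: "Echo Request", 11: "Time Exceeded"}

def decode(line):
    """Return a dict describing one log line, or None if it is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = int(m["proto"])
    rec = {
        "chain": m["chain"], "action": m["action"], "iface": m["iface"],
        "proto": PROTOCOLS.get(proto, str(proto)),
        "src": m["src"], "dst": m["dst"],
        "length": int(m["length"]), "ttl": int(m["ttl"]),
        "rule": int(m["rule"]) if m["rule"] else None,
    }
    a, b = int(m["sport"]), int(m["dport"])
    if proto == 1:
        rec["icmp_type"], rec["icmp_code"] = a, b
        rec["summary"] = f"{ICMP_TYPES.get(a, 'type ' + str(a))} (code {b})"
    else:
        rec["sport"], rec["dport"] = a, b
        rec["summary"] = f"{rec['proto']} {a} -> {b}"
    return rec

# The log line from the first post, joined onto a single line.
SAMPLE = ("Aug  7 07:38:49 compaq kernel: Packet log: input DENY ppp0 PROTO=1 "
          "142.163.65.96:8 199.245.227.117:0 L=36 S=0x00 I=42478 F=0x0000 T=110 (#87)")
# Constructed TCP line (documentation addresses) to show the port reading.
CONSTRUCTED_TCP = ("Aug  7 07:40:02 host kernel: Packet log: input DENY ppp0 PROTO=6 "
                   "192.0.2.10:3456 198.51.100.7:80 L=48 S=0x00 I=1234 F=0x4000 T=115 (#87)")

if __name__ == "__main__":
    for entry in (SAMPLE, CONSTRUCTED_TCP):
        print(decode(entry))
```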