Very Computer

by **mr.e** » Mon, 26 Mar 2001 07:08:51

I=36770 F=0x0000 T=64 (#16)

I=36778 F=0x0000 T=64 (#16)

I=36785 F=0x0000 T=64 (#16)

I=36793 F=0x0000 T=64 (#16)

This just doesn't look right and coincientally my internal LAN is now
down and can't connect to the net. Ifconfig -a shows all up and
addressed as they should be, however there is no link light on eth1.
This is not anomalous as the LAN has been up and operating for weeks
with no link light on eth1. Link lights are lit on both internal masqed
machines. IS someone playing with both my head and my toys?
Opinions and help appreciated
Cheers
BM

by **Rick Matthe** » Mon, 26 Mar 2001 09:55:54

>I=36770 F=0x0000 T=64 (#16)

>I=36778 F=0x0000 T=64 (#16)

The ipchains log entries are not really that difficult to read if
you'll put a little time into it. This page contains almost everything
you'll need (Don't miss the section on logging near the bottom of the -
page):
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-4.html#ss4.1

Save this link, too:
http://www.robertgraham.com/pubs/firewall-seen.html

>I=36770 F=0x0000 T=64 (#16)

proto=1
Protocol=1
Look in /etc/protocols:
icmp 1 ICMP # internet control message protocol

With ICMP, the numbers after the colons are not ports; the first is the
type and the second is the code. An ICMP 0 0 is a ping response. You
were probably pinging your gateway, they were responding, and your
firewall was blocking it and logging the block.

You may return to DEFCON 5.

--
Thought for the day:
<http://mysite.directlink.net/matthews/smiles/started.htm>

Very Computer

please read this packet log: Crack attempt?

please read this packet log: Crack attempt?

please read this packet log: Crack attempt?