Hmmm... that is rather strange. PROTO=17 is the icmp protocol, but there is definately no icmp type 513. Also, according to the log, you are receiving a packet from your address over your ethernet card... which is questionable at best. However, I can't think of any hacking purpose for sending such a packet, and so I tend to think that it was generated erroneously from someplace. My suggestion is to silently DENY anything that reaches you're box that isn't destined for you. Lot's of weirdness will be quietly discarded that way.
On Thu, Apr 19, 2001 at 01:38:07PM -0600, Robert Kerr wrote: > I'm using a cable modem, and have it firewalled at my box. Every now and > then I get the following messages on the current console > > Packet log: input REJECT eth0 PROTO=17 65.6.x.x:513 > 65.255.255.255:513 > L=160 S=0x00 I=20143 F=0x0000 T=64 (#5) > 24.7.73.5 sent an invalid ICMP error to a broadcast. > 24.7.73.5 sent an invalid ICMP error to a broadcast. > > where the 65.6.x.x is my address. > > Why are these coming? Are they warning me of something important? and > if not, can I send them to a log instead of my console? I would imagine that those messages are being logged... look at /var/logs/kernel and/or /ver/logs/messages (or try using grep to find them). If you can't find them, make sure that your firewall is logging everything somewhere, preferably through syslog (if you're using ipchains or iptables, it will be logging through syslog.) Finally take a look at /etc/syslog.conf to make sure that everything is being logged somewhere. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Wise men talk because they have something to say; fools, because they have to say something." - Plato (429-347 BC)
