Actually, I think it was just "normal" cable modem traffic as another user
suggested. I use my Linux box as a gateway (which is why I was so concerned
about firewall issues) and from what I understand the local cable loop is
just a big "LAN". So all that bootp/dhcp traffic was hitting my box and
getting logged. I fixed it by only logging stuff that hits my IP
specifically.
-----Original Message-----
From: badger <[EMAIL PROTECTED]>
To: Burke, Thomas G. <[EMAIL PROTECTED]>
Date: Monday, May 22, 2000 9:37 AM
Subject: Re[2]: IP Firewall logging
>Hello Thomas,
>
>Monday, May 22, 2000, 5:12:56 AM, you wrote:
>
>BTG> Maybe someone on the outside is trying to spoof your machine with internal
>BTG> network IP's?
>
>>> -----Original Message-----
>>> From: Tom Williamson [SMTP:[EMAIL PROTECTED]]
>>> Sent: Sunday, May 21, 2000 10:15 AM
>>> To: Redhat List
>>> Subject: IP Firewall logging
>>>
>>> I used the excellent firewall page at
>>> <http://linux-firewall-tools.com/linux/firewall/index.html> to design a
>>> firewall script for my system, and it appears to work. But it's bloating
>>> my log files tremendously with entries like the ones below - anyone have
>>> any idea what they are?
>>>
>>> May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 192.168.1.4:68 255.255.255.255:67 L=276 S=0x00 I=57684 F=0x0000 T=128 (#7)
>>>
>>> May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 192.168.0.2:1015 255.255.255.255:1015 L=176 S=0x00 I=16158 F=0x0000 T=128 (#7)
>>> May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 192.168.0.2:1015 255.255.255.255:1015 L=176 S=0x00 I=16414 F=0x0000 T=128 (#7)
>>> May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 192.168.0.2:1015 255.255.255.255:1015 L=176 S=0x00 I=16670 F=0x0000 T=128 (#7)
>>> May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 192.168.0.2:1015 255.255.255.255:1015 L=176 S=0x00 I=16926 F=0x0000 T=128 (#7)
>>> May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=12 F=0x0000 T=255 (#12)
>>> May 21 07:20:53 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 0.0.0.0:68 255.255.255.255:67 L=576 S=0x00 I=51981 F=0x0000 T=15 (#12)
>>> May 21 07:20:53 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=14 F=0x0000 T=255 (#12)
>>> May 21 07:20:53 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 24.1.196.86:68 255.255.255.255:67 L=576 S=0x00 I=0 F=0x0000 T=64 (#69)
>>> May 21 07:20:53 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 169.254.242.8:68 255.255.255.255:67 L=604 S=0x00 I=19018 F=0x0000 T=128
>>> (#31)
>>> May 21 07:20:53 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 169.254.242.8:68 255.255.255.255:67 L=604 S=0x00 I=19274 F=0x0000 T=128
>>> (#31)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 24.1.195.172:68 255.255.255.255:67 L=276 S=0x00 I=41007 F=0x0000 T=128
>>> (#69)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=18555 F=0x0000 T=254 (#12)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 192.168.120.1:1015 255.255.255.255:1015 L=176 S=0x00 I=45762 F=0x0000
>>> T=128 (#7)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 192.168.120.1:1015 255.255.255.255:1015 L=176 S=0x00 I=46018 F=0x0000
>>> T=128 (#7)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=3 F=0x0000 T=255 (#12)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 169.254.100.1:68 255.255.255.255:67 L=604 S=0x00 I=20479 F=0x0000 T=128
>>> (#31)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 169.254.100.1:68 255.255.255.255:67 L=604 S=0x00 I=20735 F=0x0000 T=128
>>> (#31)
>>> May 21 07:20:54 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=3 F=0x0000 T=255 (#12)
>>> May 21 07:20:55 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17
>>> 24.1.221.86:68 255.255.255.255:67 L=328 S=0x00 I=57057 F=0x0000 T=128
>>> (#69)
>>>
>
>
>
>The 0.0.0.0 and 255.255.255.255 type 17 (UDP) ports 67 and 68 are
>bootp and are probably a result of NT or Windows machines booting up
>and spewing onto your internal network. It could also be perhaps bootp
>on one of your Linux machines? Also could be maybe a DSL modem etc.
>The best way to find out is to put a sniffer on the wire.
>
>
>--
>Best regards,
> badger mailto:[EMAIL PROTECTED]
>
>
>
>--
>To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
>as the Subject.
>
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
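As an added example (not part of the thread above), the following script parses the ipchains "Packet log:" lines quoted in the thread and sorts them into the BOOTP/DHCP broadcast chatter badger identified, other limited-broadcast traffic, and packets actually addressed to the gateway's own IP, which is the filter Tom ended up applying before logging. MY_IP and the last sample line are constructed; the other four sample lines are copied from the post.

```python
import re
from collections import Counter

# ipchains "Packet log:" layout (kernel 2.2), as in the post above:
# <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=<len> S=0x<tos> I=<ipid> F=0x<frag> T=<ttl> (#<rule>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) "
    r"F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)

def parse_line(line):
    """Return the ipchains fields of one syslog line as a dict, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "id", "ttl", "rule"):
        entry[key] = int(entry[key])
    return entry

def classify(entry, my_ip):
    """'bootp-broadcast': DHCP/BOOTP chatter (UDP 67/68 to 255.255.255.255) from other
    hosts on the shared cable segment; 'broadcast': other limited-broadcast traffic;
    'to-me': packets actually addressed to this host's IP; 'other': anything else."""
    if entry["dst"] == "255.255.255.255":
        if entry["proto"] == 17 and {entry["sport"], entry["dport"]} <= {67, 68}:
            return "bootp-broadcast"
        return "broadcast"
    return "to-me" if entry["dst"] == my_ip else "other"

def summarize(lines, my_ip):
    """Count lines per class; only the 'to-me' bucket is worth keeping in the log."""
    counts = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            counts[classify(entry, my_ip)] += 1
    return dict(counts)

# Sample input: four lines copied from the post above plus one constructed line
# addressed to MY_IP, a constructed host address (RFC 5737 documentation range).
MY_IP = "203.0.113.9"
SAMPLE_LINES = [
    "May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.4:68 255.255.255.255:67 L=276 S=0x00 I=57684 F=0x0000 T=128 (#7)",
    "May 21 07:20:52 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.2:1015 255.255.255.255:1015 L=176 S=0x00 I=16158 F=0x0000 T=128 (#7)",
    "May 21 07:20:53 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=576 S=0x00 I=51981 F=0x0000 T=15 (#12)",
    "May 21 07:20:53 cx449080-a kernel: Packet log: input DENY eth0 PROTO=17 24.1.196.86:68 255.255.255.255:67 L=576 S=0x00 I=0 F=0x0000 T=64 (#69)",
    "May 21 07:21:10 cx449080-a kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4081 203.0.113.9:23 L=60 S=0x00 I=4081 F=0x4000 T=50 (#40)",
]
```

Running summarize(SAMPLE_LINES, MY_IP) shows three bootp-broadcast lines, one other broadcast (UDP 1015) and a single packet aimed at the host itself; the 192.168.x.x sources seen on the external interface are the broadcasts from neighbours' private networks that worried the original poster.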