On Tue, Sep 12, 2000 at 05:15:29PM -0500, Bret Hughes wrote:
> logcheck keeps spitting out these messages but not every hour like I
> thought originally. I thought it was a windows box but now I am
> thingking it might be my laptop. I did not see these over the weekend
> and may have even seen them on the public side of my interface, the one
> I vpn into from home.
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Sep 12 15:07:17 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68
> 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
> Sep 12 15:16:31 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68
> 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
> Sep 12 15:22:26 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68
> 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
> Sep 12 15:27:32 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68
> 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
>
> >From /etc/services I see that these are bootp packets, right?
DHCP.
> Isn't bootp a network thing where the nic is looking for a server to
> serve an os?
>
> Does this mean I have a machine on my network with an a nic in it with a
> boot prom?
You probably have pump or a DHCP client running somewhere.
$ps | grep pump
--
Hal B
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
