Hal Burgiss wrote:
> On Tue, Sep 12, 2000 at 05:15:29PM -0500, Bret Hughes wrote:
> > logcheck keeps spitting out these messages but not every hour like I
> > thought originally. I thought it was a windows box but now I am
> > thingking it might be my laptop. I did not see these over the weekend
> > and may have even seen them on the public side of my interface, the one
> > I vpn into from home.
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Sep 12 15:07:17 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68
> > 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
> > Sep 12 15:16:31 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68
> > 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
> > Sep 12 15:22:26 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68
> > 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
> > Sep 12 15:27:32 tulfw1 kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68
> > 255.255.255.255:67 L=332 S=0x00 I=0 F=0x0000 T=128
> >
> > >From /etc/services I see that these are bootp packets, right?
>
> DHCP.
>
> > Isn't bootp a network thing where the nic is looking for a server to
> > serve an os?
> >
> > Does this mean I have a machine on my network with an a nic in it with a
> > boot prom?
>
> You probably have pump or a DHCP client running somewhere.
>
> $ps | grep pump
yep that would do it I guess. I guess that is one packet for each machine
running dhcp huh?
BTW Hal I have not forgotten your stuff on my pppoe setup if you still want
it.
Bret
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
