Security Basics mailing list archives

Ipchains Question / Seeking Information.

From: "Robert Larson" <cubist27 () hotmail com>
Date: Wed, 16 Oct 2002 02:26:25 +0000

Hello,
Your error logs
" Oct  7 19:51:45 furby kernel: Packet log: output DENY eth0 PROTO=6
216.178.84.110:80 65.56.237.226:2002 L=48 S

=0x00 I=17224 F=0x4000 T=64 (#2)" are saying that your trying to sentmalformed packets but your output chains are blocking them. It is saying"proto=6" meaning that it is a tcp packet, leaving your server on port 80trying to connect to ip 65.56.237.226 at port 2002. The "L=48" is sayingthat the ip header is 48 bytes and the "S=0x00" is saying that it is TCPsequence number 0. I do not know what the "I=17224" is but the "F=0x40000"is saying TCP flags are in binary. You might want to see if you are infectedwith the slapper worm.


Regards,
Rob Larson


_________________________________________________________________

Surf the Web without missing calls! Get MSN Broadband.http://resourcecenter.msn.com/access/plans/freeactivation.asp

Current thread:

Ipchains Question / Seeking Information. Chris S (Oct 15)
- RE: Ipchains Question / Seeking Information. Andrew H. Turner (Oct 16)
- Re: Ipchains Question / Seeking Information. Steve Bremer (Oct 16)
- Re: Ipchains Question / Seeking Information. Devdas Bhagat (Oct 16)
- <Possible follow-ups>
- Ipchains Question / Seeking Information. Robert Larson (Oct 17)