Security Basics mailing list archives
Ipchains Question / Seeking Information.
From: "Robert Larson" <cubist27 () hotmail com>
Date: Wed, 16 Oct 2002 02:26:25 +0000
Hello, Your error logs " Oct 7 19:51:45 furby kernel: Packet log: output DENY eth0 PROTO=6 216.178.84.110:80 65.56.237.226:2002 L=48 S=0x00 I=17224 F=0x4000 T=64 (#2)" are saying that your trying to sent malformed packets but your output chains are blocking them. It is saying "proto=6" meaning that it is a tcp packet, leaving your server on port 80 trying to connect to ip 65.56.237.226 at port 2002. The "L=48" is saying that the ip header is 48 bytes and the "S=0x00" is saying that it is TCP sequence number 0. I do not know what the "I=17224" is but the "F=0x40000" is saying TCP flags are in binary. You might want to see if you are infected with the slapper worm.
Regards, Rob Larson _________________________________________________________________Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp
Current thread:
- Ipchains Question / Seeking Information. Chris S (Oct 15)
- RE: Ipchains Question / Seeking Information. Andrew H. Turner (Oct 16)
- Re: Ipchains Question / Seeking Information. Steve Bremer (Oct 16)
- Re: Ipchains Question / Seeking Information. Devdas Bhagat (Oct 16)
- <Possible follow-ups>
- Ipchains Question / Seeking Information. Robert Larson (Oct 17)