Security Basics mailing list archives

Strange Packet logs in ipchains


From: Sam Dirk <samdirk () online ie>
Date: 25 Mar 2003 10:41:33 -0000



Hi All,

Yesterday I noticed the following entry in logs:

Packet log: input REJECT eth0 PROTO=17 169.254.208.158:137 169.254.255.255:137 L=96 S=0x00 I=3072 F=0x0000 T=128 (#9)

This occurred only on our internal (10.10.x.x address) network. The packets 
were seen three times over the course of the day but lasted for only one - 
two seconds so it was impossible to get a tcpdump.

In addition the source address was either 169.254.208.158 or 
169.254.24.111. We don't use the above addresses on the network so am I
