Security Basics mailing list archives
Re: Weird entries in my firewall
From: Fósforo <fosforo () gmail com>
Date: Tue, 30 Aug 2005 20:22:59 -0300
First I would suggest you block any packets coming from the external interface with valid internal IPs:

  iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j LOG --log-prefix "spoof: "
  iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j DROP

If you are still having the same problems, I suggest you review your net topology (maybe blocking broadcast).

See you later

30 Aug 2005 15:31:01 -0000, kronos666 () gmail com <kronos666 () gmail com>:
Hi list,

I've been getting these weird entries in my firewall (iptables) for a while...

BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP

Now, the source is the internal IP of my server, which is not connected to the firewall. It's as if the traffic goes through the external interface using the internal IP, and always broadcasts to port 712. Two of my servers are doing that. Has anyone ever seen something like this? It has me completely stumped.

Thanks!
--
---------------------------------------------------------
I'm the one who won't sit
On the throne of an apartment
With my mouth wide open
Full of teeth, waiting for death to arrive
Because far from the flag-draped fences
That separate backyards
On the calm summit of my eye that sees
Settles the sonorous shadow
Of a flying saucer...
Raul Seixas
---------------------------------------------------------
Fósforo<<<
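
Once the LOG rule suggested in the reply is loaded, each match is written to the kernel log with the "spoof: " prefix. The script below is an added example, not part of the original post: it tallies those entries by inbound interface, source, destination, protocol and destination port. The function names, the host name "fw", the interface eth1, the MAC values and the second source address are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize kernel log entries written by an iptables rule
# that uses --log-prefix "spoof: ". All names and sample lines are constructed.

# Reads log lines on stdin; prints "count in_if src dst proto dport",
# most frequent first. Lines without the "spoof: " prefix are ignored.
summarize_spoof() {
    awk '
    /spoof: / {
        in_if = src = dst = proto = dpt = "-"
        # The LOG target writes KEY=VALUE tokens separated by spaces.
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue            # flag tokens such as "DF"
            if (kv[1] == "IN")    in_if = kv[2]
            if (kv[1] == "SRC")   src   = kv[2]
            if (kv[1] == "DST")   dst   = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DPT")   dpt   = kv[2]
        }
        count[in_if " " src " " dst " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the usual iptables LOG layout: three prefixed
# entries from two internal sources, plus one unrelated entry.
sample_log() {
    cat <<'EOF'
Aug 30 12:29:37 fw kernel: spoof: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.168.0.50 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2401 DPT=712 LEN=40
Aug 30 12:29:52 fw kernel: spoof: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.168.0.50 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2401 DPT=712 LEN=40
Aug 30 12:30:07 fw kernel: spoof: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:02:08:00 SRC=192.168.0.51 DST=255.255.255.255 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2401 DPT=712 LEN=40
Aug 30 12:30:09 fw kernel: IN=eth1 OUT= MAC=00:00:5e:00:53:03:00:00:5e:00:53:04:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

sample_log | summarize_spoof
```

On a real firewall, feed it the kernel log instead of the sample, for example `summarize_spoof < /var/log/kern.log` (the log path is an assumption and varies by distribution).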