Security Basics mailing list archives
RE: Weird entries in my firewall
From: "Stephane Auger" <kronos666 () gmail com>
Date: Tue, 6 Sep 2005 09:45:52 -0400
Found it.... it was the agent for Promise Fasttrack RAID. It broadcasts on the network to find other RAID cards on the network. Not an impact on the network, they say. And since my firewall is blocking them, I'm not worried. Thanks anyway! -----Original Message----- From: Fósforo [mailto:fosforo () gmail com] Sent: August 30, 2005 7:23 PM To: security-basics () securityfocus com Subject: Re: Weird entries in my firewall First i would suggest you block any packets coming from the external interface with valid internal IPs iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j LOG --log-prefix "spoof: " iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j DROP if still having the same problems, suggest review your net topology (maybe blocking broadcast) t+ 30 Aug 2005 15:31:01 -0000, kronos666 () gmail com <kronos666 () gmail com>:
Hi list, I've been getting these weird entries in my firewall (iptables) for a
while...
BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port
712 UDP
Now, the source is the internal IP of my server, which is not connected to
the firewall. It's as if the traffic goes through the external interface using the internal ip, and always broadcasts to port 712. Two of my servers are doing that.
Has anyone ever seen something like this? It has me completely stumped. Thanks!
-- --------------------------------------------------------- Eu é que não me sento No trono de um apartamento Com a boca escancarada Cheia de dente, esperando a morte chegar Porque longo das cercas embandeiradas Que separam quintais No cume calmo do meu olho que vê Assenta a sombra sonora Dum disco voador... Raul Seixas ---------------------------------------------------------
Fósforo<<<
Current thread:
- RE: Weird entries in my firewall Stephane Auger (Sep 06)