Security Basics mailing list archives

RE: Weird entries in my firewall


From: "Stephane Auger" <kronos666 () gmail com>
Date: Tue, 6 Sep 2005 09:45:52 -0400


Found it.... it was the agent for Promise Fasttrack RAID.  It broadcasts on
the network to find other RAID cards on the network.  Not an impact on the
network, they say.  And since my firewall is blocking them, I'm not worried.

Thanks anyway!

-----Original Message-----
From: Fósforo [mailto:fosforo () gmail com] 
Sent: August 30, 2005 7:23 PM
To: security-basics () securityfocus com
Subject: Re: Weird entries in my firewall

First I would suggest you block any packets coming from the external
interface with valid internal IPs:
  
  iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j LOG --log-prefix "spoof: "
  iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j DROP
  
  If you are still having the same problems, I suggest reviewing your net
topology (maybe blocking broadcast).
  
  See you later

30 Aug 2005 15:31:01 -0000, kronos666 () gmail com <kronos666 () gmail com>:
Hi list,

I've been getting these weird entries in my firewall (iptables) for a
while...

BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP

Now, the source is the internal IP of my server, which is not connected to
the firewall.  It's as if the traffic goes through the external interface
using the internal ip, and always broadcasts to port 712.  Two of my servers
are doing that.

Has anyone ever seen something like this?  It has me completely stumped.

Thanks!




-- 
---------------------------------------------------------
I'm the one who won't sit
On the throne of an apartment
With my mouth wide open
Full of teeth, waiting for death to arrive

Because far from the flag-decked fences
That separate backyards
On the calm summit of my eye that sees
Settles the sonorous shadow
Of a flying saucer...

Raul Seixas
---------------------------------------------------------
Fósforo<<<
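
An added example, not part of the original thread: a Python triage of log lines in the format quoted above, grouping entries where an RFC 1918 source address shows up on an external interface, the same condition the suggested anti-spoofing rules log and drop. It assumes OPT1 is the external interface; the function names and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Layout of the firewall entry quoted in the original post.
LINE_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+), port (?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+), port (?P<dport>\d+)\s+(?P<proto>\S+)$"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: line 1 is the entry from the post, the rest are made up.
SAMPLE_LOG = """\
BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP
BLOCK 12:30:07.402115 OPT1 192.168.0.51, port 2401 255.255.255.255, port 712 UDP
BLOCK 12:30:37.371104 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP
BLOCK 12:31:02.000321 OPT1 203.0.113.9, port 40112 198.51.100.4, port 22 TCP
PASS 12:31:10.118000 LAN 192.168.0.50, port 51000 192.168.0.1, port 53 UDP
BLOCK 12:31:15 OPT1 truncated entry
"""


def parse_line(line):
    """Return one entry as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def internal_sources_on(log_text, external_ifaces):
    """Group RFC 1918 sources seen on an external interface by flow."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["iface"] not in external_ifaces:
            continue
        if any(rec["src"] in net for net in RFC1918):
            key = (str(rec["src"]), str(rec["dst"]), rec["dport"], rec["proto"])
            hits[key].append(rec["time"])
    return dict(hits)
```

Calling `internal_sources_on(SAMPLE_LOG, {"OPT1"})` returns one key per (source, destination, destination port, protocol) with the timestamps at which it was seen, so a host that keeps repeating the same broadcast is easy to single out and trace on the wire.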



