Security Incidents mailing list archives

IP fw-in deny spam in logs


From: jbaker () CANADAMORTGAGE COM (Jason Baker)
Date: Tue, 11 Apr 2000 17:56:02 -0700


I'm trying to track this down, see if it's actually somebody trying to spoof
the localhost interface remotely, or something else running internally
(bootpc and bootps are both turned off on the server).

Basically, I get this spewed into the logfiles... I'll get a bunch, 8
seconds apart, then nothing for a few minutes, then another clump.

Apr 11 04:04:42 HostnameRemoved kernel: IP fw-in deny eth0 UDP 127.0.0.1:68 255.255.255.255:67 L=276 S=0x00 I=60857 F=0x0000 T=128

I'd assume this is coming from these stock rules in the debian netbase:

        # deny incoming packets pretending to be from 127.0.0.1
        ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 2>/dev/null || true
        ipfwadm -I -d deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 2>/dev/null || true
        ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth0 -D 0/0 >/dev/null
        ipfwadm -I -i deny -o -P all -S 127.0.0.0/8 -W eth1 -D 0/0 >/dev/null

Jason
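
An added example, not part of the original post: a small parser for the kernel "IP fw-in deny" line quoted above that keeps only packets with a 127.0.0.0/8 source seen on a non-loopback interface and groups them into the clumps the post describes. The sample lines other than the first are constructed, and the field meanings and the 60-second gap threshold are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Assumption: L/S/I/F/T read as length, TOS, IP id, fragment field, TTL (not stated in the post).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: IP (?P<chain>\S+) (?P<action>\S+) "
    r"(?P<iface>\S+) (?P<proto>\S+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>\S+) "
    r"I=(?P<ip_id>\d+) F=(?P<frag>\S+) T=(?P<ttl>\d+)")

# Constructed sample: line 1 is the entry from the post, the rest are invented
# to mimic "8 seconds apart, then nothing for a few minutes".
_B = "HostnameRemoved kernel: IP fw-in deny eth0 UDP 127.0.0.1:68 255.255.255.255:67 L=276 S=0x00"
SAMPLE = "\n".join([
    f"Apr 11 04:04:42 {_B} I=60857 F=0x0000 T=128",
    f"Apr 11 04:04:50 {_B} I=60858 F=0x0000 T=128",
    f"Apr 11 04:04:58 {_B} I=60859 F=0x0000 T=128",
    "Apr 11 04:05:10 HostnameRemoved kernel: IP fw-in deny eth0 TCP 10.0.0.5:1025 192.0.2.1:23 L=44 S=0x00 I=7 F=0x0000 T=64",
    f"Apr 11 04:09:10 {_B} I=60860 F=0x0000 T=128",
    f"Apr 11 04:09:18 {_B} I=60861 F=0x0000 T=128",
])

def parse(line, year=2000):
    """Parse one 'IP fw-*' kernel line; syslog has no year, so the caller supplies it."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec

def loopback_on_wire(rec):
    """True when a 127.0.0.0/8 source arrived on a non-loopback interface."""
    return rec["iface"] != "lo" and ipaddress.ip_address(rec["src"]).is_loopback

def bursts(text, max_gap=60):
    """Group matching lines into clumps split by more than max_gap seconds."""
    recs = [r for r in map(parse, text.splitlines()) if r and loopback_on_wire(r)]
    groups = []
    for rec in sorted(recs, key=lambda r: r["time"]):
        if groups and (rec["time"] - groups[-1][-1]["time"]).total_seconds() <= max_gap:
            groups[-1].append(rec)
        else:
            groups.append([rec])
    return [{"start": g[0]["ts"], "count": len(g), "ttls": sorted({int(r["ttl"]) for r in g}),
             "gaps": sorted({int((b["time"] - a["time"]).total_seconds()) for a, b in zip(g, g[1:])})} for g in groups]

if __name__ == "__main__":
    print(*bursts(SAMPLE), sep="\n")
```

A single TTL value and a steady gap inside each clump point to one sender on a timer, which narrows the search before reaching for a packet capture on the segment.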

