Re: Invalid IP address

[Jérôme Tytgat <jtytgat () websurg com>]

I can also be a real port 0

As Hping produce it by default...

It's a good feature as a lot of filtering router/firewall badly
configured allow port 0 going thru...

----- Original Message -----
From: "Dave Phelps" <tippenring () tippenring com>
To: <incidents () securityfocus com>
Sent: Tuesday, October 22, 2002 8:20 AM
Subject: Re: Invalid IP address


> "A log entry with port 0 means that the router didn't need to inspect the
> port number to allow [or deny] the traffic, such as with the following:
>
> access-list 100 permit any any established log"
>
> --
> Credit: Francois Labreque, comp.dcom.sys.cisco - 11/09/2000
>
>  ----- Original Message -----
> From: "Steven Lee" <idsforensic () yahoo com>
> To: <incidents () securityfocus com>
> Sent: Monday, October 21, 2002 3:05 PM
> Subject: Invalid IP address
>
>
> |
> |
> | I am seeing this on my router syslog after I applied an access list on
the
> | internal interface. Can anyone tell me what this could be? The
68.84.8.41
> | is a comcast IP that is active on the network; however, someone inside
our
> | network is attempting to use it to go out to other sites? Thanks for
your
> | help.
> |
> | l7.Info X.X.X.X 38644: .Oct 21 13:40:27: %SEC-6-IPACCESSLOGP: list 101
> | denied tcp 68.84.8.41(0) -> 67.34.160.17(0), 1 packet
> | 2002-10-21 13:35:37 Local7.Info X.X.X.X 38645: .Oct 21 13:40:28: %
> | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 217.121.116.154
> | (0), 1 packet
> | 2002-10-21 13:35:38 Local7.Info X.X.X.X 38646: .Oct 21 13:40:29: %
> | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 141.156.130.147
> | (0), 1 packet
> | 2002-10-21 13:35:39 Local7.Info X.X.X.X 38647: .Oct 21 13:40:30: %
> | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) ->
68.9.184.233(0),
> | 2 packets
> | 2002-10-21 13:35:40 Local7.Info X.X.X.X 38648: .Oct 21 13:40:32: %
> | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 24.203.121.105
> | (0), 1 packet
> | 2002-10-21 13:35:41 Local7.Info X.X.X.X 38649: .Oct 21 13:40:33: %
> | SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 67.82.63.49(0),
1
> | packet
> |
| --------------------------------------------------------------------------
> --
> | This list is provided by the SecurityFocus ARIS analyzer service.
> | For more information on this free incident handling, management
> | and tracking system please see: http://aris.securityfocus.com
> |
> |
>
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com