Unidentified subject!

To: debian-security@lists.debian.org
Subject: Unidentified subject!
From: John DOE <bacteria@petekmail.com>
Date: Fri, 6 Jul 2001 08:37:49 -0700 (PDT)
Message-id: <[🔎] 20010706153749.C4C2C36F9@sitemail.everyone.net>
Reply-to: bacteria@petekmail.com

Hello, I am a new debian user and someone still learning linux. I have a 
small problem. In my company ( which is a microsoft developer ) I insisted on  using a firewall created with Ipchains of 3 
zones ( dmz - local - internet ) on a Intel Pentium Pro processor machine 
running Debian 2.2r3 on it ( base system + mc + tcpdump + nano ) instead of Microshit's ISA Server.  Strangely 
enough one of the interfaces ( the internet interface ) completely at arbitrary 
times start sending packets to itself. Packet proto=1 sourceip:3 rd port 
to sourceip:1 st port s=0xc0 f=0x0000 t=255 log says. As far as I understand 
from this log the packet sent is an ICMP packet from port 3 to tcpmux port 
( icmp's have ports ? knew they did not ) of size 13 hexadecimals not fragmented 
and time to live is 255. But this is not possible. 1st no one can use this 
machine as a terminal and no one can telnet to it's interfaces. 2nd rp_filter 
is set to 1 for all interfaces ( in case of a spoof attack ) . 
Can anyone 
help me about that ? I am sure there is something I do not know but what 
is it ?  

Thanx
John.


Note : If I succeed on this debian firewall the ftp server will also be Linux and web server as well .

_____________________________________________________________
Get your free e-mail account: http://www.petekmail.com

Reply to:

Prev by Date: Attack alert from snort
Next by Date: Re: shared root account
Previous by thread: Re: snort rules (Was: Attack alert from snort)
Next by thread: Unidentified subject!
Index(es):
- Date
- Thread