
Re: strange packet denial



On Sat, Jul 05, 2003 at 01:12:35PM -0400, dzpost@dedekind.net wrote:
> The following report of a denied packet has been appearing about once
> or twice a day in my system logs:
> 
> Jul  4 10:12:48 gateway kernel: Packet log:
>   input DENY eth0 PROTO=2 0.0.0.0:65535 224.0.0.2:65535
>   L=32 S=0x00 I=19572 F=0x0000 T=1 O=0x00000494 (#5)

PROTO=2 means it's IGMP, 'Internet Group Management'.  I have no idea
what that means, though :)

> I think I understand why the packet is being blocked, but I'm
> more concerned with what it is and where it's coming from.  What does
> it mean for the source address to be 0.0.0.0?  And what is 224.0.0.2?

I'm pretty sure the 224 addresses are related to IP Multicast.  Hmmm, I
guess I can't actually help, but maybe Google will now that you have
some keywords :)  Also, there's a debian-firewall list (on this very
server) which is full of nice people who probably know the proper answer
to your question.


-- 
Rob Weir <rweir@ertius.org> | mlspam@ertius.org  |  Do I look like I want a CC?
Words of the day:      offensive information warfare Lexis-Nexis kibo kilderkin
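
The log entry quoted in this thread, decoded field by field. This is an added example, not part of the original message: the regular expression, the function names and the two small lookup tables are assumptions written for this one ipchains-style line, with the protocol and group names taken from the IANA registries.

```python
import ipaddress
import re

# Log line from the post above, joined onto one line as syslog emits it.
SAMPLE = ("Jul  4 10:12:48 gateway kernel: Packet log: input DENY eth0 "
          "PROTO=2 0.0.0.0:65535 224.0.0.2:65535 L=32 S=0x00 I=19572 "
          "F=0x0000 T=1 O=0x00000494 (#5)")

# Small subset of the IANA protocol-number registry.
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
# Two well-known groups from the IANA multicast address registry.
GROUPS = {"224.0.0.1": "all systems on this subnet",
          "224.0.0.2": "all routers on this subnet"}

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) S=\S+ I=\d+ "
    r"F=\S+ T=(?P<ttl>\d+)(?: O=\S+)?(?: \(#(?P<rule>\d+)\))?")

def describe_addr(text):
    """Classify an IPv4 address the way a log reviewer would."""
    ip = ipaddress.ip_address(text)
    if ip.is_unspecified:
        return "unspecified address"
    if ip.is_multicast:
        return "multicast: " + GROUPS.get(text, "unlisted group")
    return "unicast"

def parse_packet_log(line):
    """Return the decoded fields, or None if the line is not a packet log."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    proto = int(f["proto"])
    return {
        "chain": f["chain"], "action": f["action"], "iface": f["iface"],
        "protocol": PROTOCOLS.get(proto, f"unknown({proto})"),
        "src": describe_addr(f["src"]), "dst": describe_addr(f["dst"]),
        "ttl": int(f["ttl"]),
        "rule": int(f["rule"]) if f["rule"] else None,
    }

if __name__ == "__main__":
    for key, value in parse_packet_log(SAMPLE).items():
        print(f"{key:9} {value}")
```

A TTL of 1 means the packet cannot be forwarded past the first router, so the sender is on the same segment as eth0.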
