
Re: [OT] iptables q



Jeff D wrote:
On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:

Hi,

I have Firehol for iptables front-end and WordPress on Apache.

Access to WP is restricted to me only, like this:

interface ppp0 internet
        policy drop
        protection strong
        ...
        server http accept src 200.57.201.163

So far so good.

Now the question is: where do the messages in syslog come from, like these:

Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026 LEN=577

because that source does not exist:

hugo@debian:~$ host 202.97.238.233
202.97.238.233 does not exist, try again

Hugo


Hi,

Just because you can't resolve an IP address does not mean that it does
not exist.  There is no rule that says IP addresses *have* to have DNS
resolution. That IP is a valid address, so it is very possible that it
does exist.  Whois info for it says that it's from China, I suspect you
will be seeing lots of these, it's fairly normal noise.

Thanks Jeff! Whois is the answer.
I am honored to drop the Hei Long Jiang province education committee ;-)

Hugo
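
Added example, not part of the thread: a small parser for kernel firewall log entries like the one quoted above, which tallies logged packets by source, protocol and destination port without relying on reverse DNS. The names parse and summarise are hypothetical, and every sample line except the first is constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the entry from the post (re-joined); the rest
# are made up for this example, using a documentation-range address.
PFX = "Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT= MAC= "
SAMPLE = "\n".join([
    PFX + "SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 "
          "TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026 LEN=577",
    PFX + "SRC=202.97.238.233 DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 "
          "TTL=42 ID=0 DF PROTO=UDP SPT=56370 DPT=1027 LEN=577",
    PFX + "SRC=192.0.2.44 DST=200.57.201.163 LEN=60 TOS=0x00 PREC=0x00 "
          "TTL=50 ID=4711 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jan 15 10:12:00 debian pppd[1234]: unrelated daemon message",
])

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the netfilter LOG fields of one syslog line, or None."""
    start = line.find("IN=")
    if "kernel:" not in line or start < 0:
        return None
    body, rec = line[start:], {}
    for key, val in FIELD.findall(body):
        # UDP entries carry LEN twice: IP total length, then UDP length.
        if key == "LEN" and "LEN" in rec:
            key = "L4LEN"
        rec[key] = val
    # Tokens without '=' (DF, SYN, ACK ...) are flags.
    rec["FLAGS"] = [tok for tok in body.split() if "=" not in tok]
    return rec if "SRC" in rec and "PROTO" in rec else None

def summarise(text):
    """Count logged packets per (source, protocol, destination port)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            # ICMP entries have no DPT; record port 0 for them.
            hits[(rec["SRC"], rec["PROTO"], int(rec.get("DPT", 0)))] += 1
    return hits

if __name__ == "__main__":
    for (src, proto, dpt), n in summarise(SAMPLE).most_common():
        print(f"{n:3d}  {src:15s}  {proto}/{dpt}")
```

Empty values such as OUT= and MAC= are kept as empty strings, which is what an inbound packet on a ppp interface looks like in these entries.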

