Re: Firewall log with port 65535 question

To: debian-firewall <debian-firewall@lists.debian.org>
Subject: Re: Firewall log with port 65535 question
From: Jörn Engel <joern@wohnheim.fh-wedel.de>
Date: Wed, 1 Nov 2000 15:08:20 +0100
Message-id: <[🔎] 20001101150820.A29003@wohnheim.fh-wedel.de>
In-reply-to: <[🔎] 20001101151010.A22938@lion.kingsley.co.za>; from wood@kingsley.co.za on Wed, Nov 01, 2000 at 03:10:10PM +0200
References: <973057112.39ffac586653e@whbell.ia.net> <[🔎] Pine.BSF.4.21.0011011350080.2136-100000@phase2.intern.it-netservice.de> <[🔎] 20001101151010.A22938@lion.kingsley.co.za>

Hi!

> > if anyone would spend some time on this "PROTO=2" thing they
> > would realize this is just IGMP .. which means the portnumber
> > has next to NO meaning .. 
> 
> Oops, didn't notice that.
> 
> > that you get this packets means, that your provider is just
> > too stupid to configure his router not to forward such packets
> > to you
> 
> But these packets are arriving at eth0, which is his INTERNAL
> network.  So these packets are not coming from his DSL
> provider.

Right. Be it TCP, IGMP or any other esoteric protocol, there are packets
being send from the indide to the outside. The come from some forged address
and go to some other addresses. Why should this be considered ok?

Even if they were coming from the ISP - they still would be routed
incorrectly, so they are worth the while to examine them.

Jörn

Reply to:

References:
- Re: Firewall log with port 65535 question
  - From: Christian Ruediger Bahls <christian@it-netservice.de>
- Re: Firewall log with port 65535 question
  - From: Michael Wood <wood@kingsley.co.za>

Prev by Date: Re: Firewall log with port 65535 question
Next by Date: RE: Firewall log with port 65535 question
Previous by thread: Re: Firewall log with port 65535 question
Next by thread: Re: Firewall log with port 65535 question
Index(es):
- Date
- Thread