I have started seeing a lot of these dropped packets in my logs recently and can't figure out why they have started in such frequency. I have never seen such packets before. I notice that they start to occur after I do a bit of www surfing. Here are some examples from my syslog:

Nov 30 12:32:00 beast kernel: ipt_unclean: TCP flags bad: 4
Nov 30 12:32:00 beast kernel: unclean_::IN=ppp0 OUT= MAC= SRC=212.43.237.66 DST=144.134.71.208 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=40412 PROTO=TCP SPT=80 DPT=33041 WINDOW=0 RES=0x00 RST URGP=0
Nov 30 12:32:50 beast kernel: ipt_unclean: TCP flags bad: 4
Nov 30 12:32:50 beast kernel: unclean_::IN=ppp0 OUT= MAC= SRC=198.186.203.20 DST=144.134.71.208 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27653 PROTO=TCP SPT=80 DPT=33036 WINDOW=0 RES=0x00 RST URGP=0

I am running an iptables firewall on a 2.4.14 kernel. I did recently upgrade to the 2.4.14 kernel from 2.4.4, so maybe this has something to do with it?

Here are the relevant rules in my firewall that are catching these packets:

$IPTABLES -N log_unclean
$IPTABLES -A log_unclean -j LOG --log-level 1 --log-prefix "unclean_::"
$IPTABLES -A log_unclean -j DROP
$IPTABLES -A INPUT -i $EXT_IF -m unclean -j log_unclean

Has anyone else noticed this? Any ideas?

Regards.
Mark.
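An added example, not part of the original post: a small Python parser for the log format quoted above that pairs each ipt_unclean reason line with the packet line logged after it and tallies the drops. It assumes the number in "TCP flags bad: N" is the raw TCP flags byte; the function names are illustrative.

```python
import re
from collections import Counter

# The two entries quoted in the post above (not constructed data).
SAMPLE = """\
Nov 30 12:32:00 beast kernel: ipt_unclean: TCP flags bad: 4
Nov 30 12:32:00 beast kernel: unclean_::IN=ppp0 OUT= MAC= SRC=212.43.237.66 DST=144.134.71.208 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=40412 PROTO=TCP SPT=80 DPT=33041 WINDOW=0 RES=0x00 RST URGP=0
Nov 30 12:32:50 beast kernel: ipt_unclean: TCP flags bad: 4
Nov 30 12:32:50 beast kernel: unclean_::IN=ppp0 OUT= MAC= SRC=198.186.203.20 DST=144.134.71.208 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27653 PROTO=TCP SPT=80 DPT=33036 WINDOW=0 RES=0x00 RST URGP=0
"""

# TCP flag bits, highest first, which is also the order the LOG target prints them.
FLAG_BITS = [(0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
             (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]
FLAG_NAMES = {name for _, name in FLAG_BITS}

def decode_flags(value):
    """Assumption: N in 'TCP flags bad: N' is the raw TCP flags byte."""
    return tuple(name for bit, name in FLAG_BITS if value & bit)

def parse_unclean(text, prefix="unclean_::"):
    """Pair each ipt_unclean reason line with the LOG line that follows it."""
    events, reason = [], None
    for line in text.splitlines():
        m = re.search(r"kernel: (.*)$", line)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("ipt_unclean:"):
            reason = msg.split(":", 1)[1].strip()
        elif msg.startswith(prefix):
            tokens = msg[len(prefix):].split()
            ev = dict(t.split("=", 1) for t in tokens if "=" in t)
            ev["FLAGS"] = tuple(t for t in tokens if t in FLAG_NAMES)
            ev["REASON"], reason = reason, None
            code = re.search(r"TCP flags bad: (\d+)", ev["REASON"] or "")
            # True when the logged reason code decodes to the same flags LOG printed.
            ev["CODE_MATCHES"] = bool(code) and decode_flags(int(code.group(1))) == ev["FLAGS"]
            events.append(ev)
    return events

def summarize(events):
    """Count drops by (protocol, source port, flags, reason)."""
    return Counter((e.get("PROTO"), e.get("SPT"), e["FLAGS"], e["REASON"]) for e in events)

if __name__ == "__main__":
    for key, n in summarize(parse_unclean(SAMPLE)).items():
        print(n, key)
```

On the two quoted entries, both drops fall into a single bucket: TCP, source port 80, RST as the only flag, reason "TCP flags bad: 4".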