On Fri, Aug 11, 2000 at 12:53:53PM -0600, Scott wrote:
>
> > > >
> > > > Every few minutes I see the following show up in my log:
> > > >
> > > > Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4)
> > > > Aug 8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=639 F=0x4000 T=1 (#4)
> > > > Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4)
> > > > Aug 8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17
^^^^^^^^
> -This was a TCP packet
Wrong, it was UDP. RFC 1700 can help here.
> -This packet came from 10.0.0.1 with a return port of 1999
> -This packet was addressed to 255.255.255.255 on port 1999
So it's a subnet-only broadcast ...
I would try to find out if 10.0.0.1 is a real host, and if so, who
owns it.
Cheers,
--
Nathan Norman "Eschew Obfuscation" Network Engineer
GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/
Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
Attachment:
pgpcrlgFZWX5b.pgp
Description: PGP signature