On Fri, Aug 11, 2000 at 12:53:53PM -0600, Scott wrote: > > > > > > > > > Every few minutes I see the following show up in my log: > > > > > > > > Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17 > > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4) > > > > Aug 8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17 > > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=639 F=0x4000 T=1 (#4) > > > > Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17 > > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4) > > > > Aug 8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17 ^^^^^^^^ > -This was a TCP packet Wrong, it was UDP. RFC 1700 can help here. > -This packet came from 10.0.0.1 with a return port of 1999 > -This packet was addressed to 255.255.255.255 on port 1999 So it's a subnet-only broadcast ... I would try to find out if 10.0.0.1 is a real host, and if so, who owns it. Cheers, -- Nathan Norman "Eschew Obfuscation" Network Engineer GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/ Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
Attachment:
pgpcrlgFZWX5b.pgp
Description: PGP signature