Re: Speaking of broadcasts, is this a security threat?
Yep, I did a little snooping around myself. I watched eth0 with tcpdump
and grepped for 10.0.0.1, after a bit I found one. It is coming in from my
external interface, probably is a machine over at my ISP's that was set up
with that IP... I might have to call them up.
Micah
On Fri, Aug 11, 2000 at 02:08:04PM -0500, Nathan E Norman wrote:
> On Fri, Aug 11, 2000 at 12:53:53PM -0600, Scott wrote:
> >
> > > > >
> > > > > Every few minutes I see the following show up in my log:
> > > > >
> > > > > Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4)
> > > > > Aug 8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=639 F=0x4000 T=1 (#4)
> > > > > Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4)
> > > > > Aug 8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17
> ^^^^^^^^
>
> > -This was a TCP packet
>
> Wrong, it was UDP. RFC 1700 can help here.
>
> > -This packet came from 10.0.0.1 with a return port of 1999
> > -This packet was addressed to 255.255.255.255 on port 1999
>
> So it's a subnet-only broadcast ...
>
> I would try to find out if 10.0.0.1 is a real host, and if so, who
> owns it.
>
> Cheers,
>
> --
> Nathan Norman "Eschew Obfuscation" Network Engineer
> GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/
> Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
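
An added example, not part of any message in this thread: a small Python parser for the "Packet log:" lines quoted above. It decodes the PROTO number to a protocol name and flags the properties the replies discuss. The function names are hypothetical, eth0 is assumed to be the external interface as the top message describes, and the sample line is one quoted entry with its wrapped second line rejoined.

```python
import ipaddress
import re

# Field layout of the "Packet log:" lines quoted in the thread.
# An optional "+" before the source address is tolerated (assumed wrap marker).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+)\s+\+?(?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*?T=(?P<ttl>\d+)"
)
# IANA protocol numbers (the assignments RFC 1700 lists).
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "ttl"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], "proto-%d" % rec["proto"])
    return rec

def findings(rec, external_iface="eth0"):
    """List the properties of a parsed entry that are worth a follow-up."""
    notes = []
    src = ipaddress.ip_address(rec["src"])
    if rec["iface"] == external_iface and any(src in n for n in RFC1918):
        notes.append("private-source-on-external-interface")
    if rec["dst"] == "255.255.255.255":
        notes.append("limited-broadcast")
    if rec["ttl"] == 1:
        notes.append("ttl-1")  # a router would not forward this packet
    return notes

# Constructed sample: one entry from the thread with its wrapped line rejoined.
SAMPLE = ("Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17 "
          "10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4)")

if __name__ == "__main__":
    rec = parse(SAMPLE)
    print(rec["proto_name"], rec["src"], "->", rec["dst"], findings(rec))
```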