
RE: Need help analyzing firewall log message



From /usr/src/linux/include/linux/icmp.h:

#define ICMP_ECHOREPLY          0       /* Echo Reply                   */
#define ICMP_DEST_UNREACH       3       /* Destination Unreachable      */
#define ICMP_SOURCE_QUENCH      4       /* Source Quench                */
#define ICMP_REDIRECT           5       /* Redirect (change route)      */
#define ICMP_ECHO               8       /* Echo Request                 */
#define ICMP_TIME_EXCEEDED      11      /* Time Exceeded                */
#define ICMP_PARAMETERPROB      12      /* Parameter Problem            */
#define ICMP_TIMESTAMP          13      /* Timestamp Request            */
#define ICMP_TIMESTAMPREPLY     14      /* Timestamp Reply              */
#define ICMP_INFO_REQUEST       15      /* Information Request          */
#define ICMP_INFO_REPLY         16      /* Information Reply            */
#define ICMP_ADDRESS            17      /* Address Mask Request         */
#define ICMP_ADDRESSREPLY       18      /* Address Mask Reply           */

-Marcelo Couto
ITC.Net Brasil

-----Original Message-----
From: Christian Pernegger [mailto:pernegger@chello.at]
Sent: Thursday, September 14, 2000 14:59
To: Debian security list; Debian user list
Subject: Need help analyzing firewall log message
Importance: Low


Sep 14 19:41:44 jesus kernel: Packet log: \
input DENY eth1 PROTO=1 10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x0000
T=255 (#4)

Happens in bursts of ~7, once a day, maybe more

eth1 is the external interface, connected to a cable modem that is fully
transparent.
(That is, I block all incoming/outgoing private LAN addresses and it still
works.)
This is the only thing that I ever see coming in from a private address.

Protocol 1 is ICMP according to /etc/protocols.
10.34.15.1 seems to be other end of the cable modem bridge. (I made a route
and checked.)
The target ip is my box.

How do I read the ports in ICMP logs?

I'm sure it's legit, I just wanna know WTF my ISP is doing...

Thanks

Christian
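
The reading of the log line asked about above, as an added example that is not part of either message: ipchains logs the ICMP type in the source-port position and the ICMP code in the destination-port position, so `10.34.15.1:3 x.x.x.x:13` is type 3, code 13. The `decode` function, the type-3 code table and the 192.0.2.10 destination are assumptions made for the example.

```python
import ipaddress
import re

# ICMP type names, copied from the icmp.h excerpt in the reply above.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
              12: "Parameter Problem", 13: "Timestamp Request",
              14: "Timestamp Reply", 15: "Information Request",
              16: "Information Reply", 17: "Address Mask Request",
              18: "Address Mask Reply"}
# Codes for type 3; not in the excerpt, taken from the same kernel header.
UNREACH_CODES = {0: "Network Unreachable", 1: "Host Unreachable",
                 2: "Protocol Unreachable", 3: "Port Unreachable",
                 4: "Fragmentation Needed", 13: "Packet Filtered"}

LOG_RE = re.compile(
    r"Packet log:\s+(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)")

# Constructed sample: the log line from the post joined onto one line, with
# the masked x.x.x.x destination replaced by a documentation address.
SAMPLE = ("Sep 14 19:41:44 jesus kernel: Packet log: input DENY eth1 PROTO=1 "
          "10.34.15.1:3 192.0.2.10:13 L=56 S=0x00 I=3405 F=0x0000 T=255 (#4)")

def decode(line):
    """Return a dict describing one ipchains log line, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    try:  # is_private covers RFC 1918 and other non-global ranges
        private = ipaddress.ip_address(m["src"]).is_private
    except ValueError:
        return None
    rec = {k: m[k] for k in ("chain", "action", "iface", "src", "dst")}
    rec["private_src"] = private
    proto, first, second = int(m["proto"]), int(m["sport"]), int(m["dport"])
    if proto == 1:  # ICMP: the two "port" fields carry type and code
        rec["icmp_type"] = ICMP_TYPES.get(first, f"type {first}")
        codes = UNREACH_CODES if first == 3 else {}
        rec["icmp_code"] = codes.get(second, f"code {second}")
    else:           # TCP/UDP: they are real source and destination ports
        rec["sport"], rec["dport"] = first, second
    return rec

if __name__ == "__main__":
    print(decode(SAMPLE))
```
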

