
Re: Need help analyzing firewall log message



Hello,

On Thu, Sep 14, 2000 at 07:59:08PM +0200, Christian Pernegger wrote:
> Sep 14 19:41:44 jesus kernel: Packet log: \
> input DENY eth1 PROTO=1 10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x0000
> T=255 (#4)

For ICMP protocol packets, the number following the source address
should be the ICMP type and the number following the destination
address should be the ICMP code.


See the IPCHAINS-HOWTO  (I'm not shouting, the name is written
that way) at:

	http://www.linuxdoc.org


Regards,
Robert  


> 
> Happens in bursts of ~7, once a day, maybe more
> 
> eth1 is the external interface, connected to a cable modem that is fully
> transparent.
> (That is I block all incoming/outgoing private LAN addresses and it still
> works)
> This is the only thing that I ever see coming in from a private address.
> 
> Protocol 1 is ICMP according to /etc/protocols.
> 10.34.15.1 seems to be other end of the cable modem bridge. (I made a route
> and checked.)
> The target ip is my box.
> 
> How do I read the ports in ICMP logs?
> 
> I'm sure it's legit, I just wanna know WTF my ISP is doing...
> 
> Thanks
> 
> Christian
> 
> 
> 
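The reading Robert describes can be applied mechanically. The following is an added example, not part of the original thread or of ipchains itself: a small Python decoder for this log layout that treats the two `:N` fields as ICMP type and code when `PROTO=1`. It goes slightly beyond the post by also handling TCP/UDP lines, where the same fields are real ports. The regex is written to fit the line quoted in the post, and the name tables are a subset of the IANA ICMP registries.

```python
import re

# Layout of an ipchains "Packet log:" line as it appears in the post:
# chain, verdict, interface, PROTO, src:N, dst:N, then L/S/I/F/T and rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<n1>\d+) (?P<dst>\S+):(?P<n2>\d+) "
    r"L=(?P<length>\d+) .*?T=(?P<ttl>\d+)"
)

# Subset of the IANA ICMP type and destination-unreachable code registries.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
              5: "redirect", 8: "echo request", 11: "time exceeded",
              12: "parameter problem"}
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set",
                 9: "network administratively prohibited",
                 10: "host administratively prohibited",
                 13: "communication administratively prohibited"}


def decode(line):
    """Return a dict describing one ipchains log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto, n1, n2 = int(m["proto"]), int(m["n1"]), int(m["n2"])
    out = {"chain": m["chain"], "verdict": m["verdict"], "iface": m["iface"],
           "proto": proto, "src": m["src"], "dst": m["dst"]}
    if proto == 1:  # ICMP: the two ":N" fields are type and code, not ports
        meaning = ICMP_TYPES.get(n1, "type %d" % n1)
        if n1 == 3:
            meaning += ": " + UNREACH_CODES.get(n2, "code %d" % n2)
        out.update(icmp_type=n1, icmp_code=n2, meaning=meaning)
    else:  # TCP (6) and UDP (17): the same fields are real port numbers
        out.update(sport=n1, dport=n2)
    return out


# Constructed sample: the wrapped log line from the post joined back into one line.
SAMPLE = ("Sep 14 19:41:44 jesus kernel: Packet log: input DENY eth1 PROTO=1 "
          "10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x0000 T=255 (#4)")

if __name__ == "__main__":
    print(decode(SAMPLE))
```

For the line in the post this yields type 3, code 13, which is a destination-unreachable message with code "communication administratively prohibited".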


