On Thu, Mar 21, 2002 at 06:12:02PM -0600, Jay Kline wrote: > What seems odd to me is the the yyy IP is originating from such a low port > (3) which means the system is most likely not unix or windows (or at least > not standard apps), unless using some specific application. Anyone know of > one that does this? Errm, no, you are missing the fact that PROTO=1. That means it's ICMP traffic. His iptables blocked a Destination Unreachable ICMP message. Those get sent by Unix and non-Unix systems all the time, but typically not by userland stuff. Personally, I would label this a misconfigured firewall. There are others out there who do like to block such messages. I don't see the point. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpYIYrv8JHfq.pgp
Description: PGP signature