I saw this in our firewall logs this morning for the first time: kernel: Redirect from 84.42.143.87 on wan about 84.42.143.1 ignored. kernel: Advised path = 84.72.16.145 -> 62.24.70.39, tos 00 I am aware of ICMP redirects and that they're generally to be ignored, so I do: net.ipv4.conf.all.accept_redirects = 0 Nevertheless, I am curious what's going on. 84.72.16.145 is my own IP, the other three seem Czech. Was 84.42.143.87 telling me that 84.42.143.1 is really at 62.24.70.39? All three IPs appear to belong to the same organisation (mistral.cz) as they have the same hostmaster in whois. Is this legitimate? Is someone trying to redirect me in a cheap hack attempt? Are people seeing this often? Since the Linux kernel handles it quite alright, should I have logcheck filter it? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems NP: vidnaObmana & Bass Communion / Continuum
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)