This one time, at band camp, martin f krafft said:
> I saw this in our firewall logs this morning for the first time:
>
>   kernel: Redirect from 84.42.143.87 on wan about 84.42.143.1 ignored.
>   kernel: Advised path = 84.72.16.145 -> 62.24.70.39, tos 00
>
> I am aware of ICMP redirects and that they're generally to be
> ignored, so I do:
>
>   net.ipv4.conf.all.accept_redirects = 0

That looks like overkill, see below.

> Nevertheless, I am curious what's going on. 84.72.16.145 is my own
> IP, the other three seem Czech. Was 84.42.143.87 telling me that
> 84.42.143.1 is really at 62.24.70.39?
>
> All three IPs appear to belong to the same organisation (mistral.cz)
> as they have the same hostmaster in whois.
>
> Is this legitimate? Is someone trying to redirect me in a cheap hack
> attempt?

No. icmp redirect is only honored when it redirects to another host in
your subnet. Unless you have a really large subnet, this looks like
nonsense. The kernel will ignore it if it redirects you outside of your
subnet.

> Are people seeing this often?
>
> Since the Linux kernel handles it quite alright, should I have
> logcheck filter it?

I do.

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
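The subnet test described in the reply, applied to the two quoted log lines, as an added example that is not part of the original thread. It assumes the fields are, in order, the router that sent the redirect, the receiving interface, and the gateway it advised, followed by the source and destination of the packet that triggered it; the /24 netmask and the function names are also assumptions, since the message gives neither.

```python
import ipaddress
import re

# Field meaning is an assumption (see lead-in): sender, interface, advised gateway.
REDIRECT_RE = re.compile(
    r"Redirect from (?P<sender>[\d.]+) on (?P<iface>\S+) "
    r"about (?P<gateway>[\d.]+) ignored")
PATH_RE = re.compile(r"Advised path = (?P<src>[\d.]+) -> (?P<dst>[\d.]+)")

def parse_redirects(lines):
    """Pair each 'Redirect ... ignored' line with the 'Advised path' line after it."""
    events, pending = [], None
    for line in lines:
        m = REDIRECT_RE.search(line)
        if m:
            pending = m.groupdict()
            continue
        m = PATH_RE.search(line)
        if m and pending:
            pending.update(m.groupdict())
            events.append(pending)
            pending = None
    return events

def classify(event, local_networks):
    """'on-link' if the advised gateway lies in the subnet configured on the
    receiving interface, otherwise 'off-link' (the case the reply calls nonsense)."""
    net = local_networks.get(event["iface"])
    if net is None:
        return "unknown-interface"
    gateway = ipaddress.ip_address(event["gateway"])
    on_link = gateway in ipaddress.ip_network(net, strict=False)
    return "on-link" if on_link else "off-link"

# The two log lines quoted in the message.
SAMPLE = [
    "kernel: Redirect from 84.42.143.87 on wan about 84.42.143.1 ignored.",
    "kernel: Advised path = 84.72.16.145 -> 62.24.70.39, tos 00",
]
# Constructed: the message does not state the netmask on 'wan'; /24 is assumed.
LOCAL = {"wan": "84.72.16.145/24"}

if __name__ == "__main__":
    for ev in parse_redirects(SAMPLE):
        print(ev["sender"], "advised", ev["gateway"], "->", classify(ev, LOCAL))
```

Run over a day of kernel log lines, the `off-link` results are the ones that can safely go into a logcheck ignore rule; an `on-link` result is worth a look before filtering.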