
Re: /var/log/syslog entries



On Mon, Jun 12, 2000 at 11:57:32AM -0700, Matthew Thompson wrote:
> Hello,
> 
> I'm getting TONS of this:
> 
> Jun 12 06:36:03 doma kernel: Packet log: input REJECT eth0 PROTO=17
> 216.39.146.44:513 216.39.146.255:513 L=88 S=0x00 I=56673 F=0x0000 T=64
> (#5)
> Jun 12 06:39:03 doma kernel: Packet log: input REJECT eth0 PROTO=17
> 216.39.146.44:513 216.39.146.255:513 L=88 S=0x00 I=56686 F=0x0000 T=64
> (#5)
> 
> ...in /var/log/syslog (running potato with ipchains over 2 NICs).  Is
> this common for a firewall with strong rules, or do I have something
> amiss?

It's common.  Looks like 216.39.146.44 is running whod (found in the
Debian package rwhod).  This daemon broadcasts information to other
servers on the subnet (216.39.146.255 is a broadcast unless your local
admin is as weird as I am).

PROTO 17 == udp
port 513/udp is who according to /etc/services.

I see loads of crap on my cable-modem gateway at home.

-- 
Nathan Norman         "Eschew Obfuscation"          Network Engineer
GPG Key ID 1024D/51F98BB7            http://home.midco.net/~nnorman/
Key fingerprint = C5F4 A147 416C E0BF AB73  8BEF F0C8 255C 51F9 8BB7
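
The decoding done by hand in the reply above, as an added example that is not part of the original message: it parses ipchains "Packet log" lines, names the protocol and service, flags broadcast destinations, and collapses repeats into counts. The /24 prefix length, the small lookup tables and the function names are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Field layout of an ipchains "Packet log" line, as in the quoted syslog entries.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers
SERVICES = {("udp", 513): "who"}              # the /etc/services entry cited above

# The two entries from the post, unwrapped to one syslog line each.
SAMPLE = [
    "Jun 12 06:36:03 doma kernel: Packet log: input REJECT eth0 PROTO=17 "
    "216.39.146.44:513 216.39.146.255:513 L=88 S=0x00 I=56673 F=0x0000 T=64 (#5)",
    "Jun 12 06:39:03 doma kernel: Packet log: input REJECT eth0 PROTO=17 "
    "216.39.146.44:513 216.39.146.255:513 L=88 S=0x00 I=56686 F=0x0000 T=64 (#5)",
]

def parse(line, prefix_len=24):
    """Decode one log line into a dict, or return None if it is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = PROTOCOLS.get(int(m["proto"]), m["proto"])
    dport = int(m["dport"])
    # Assumption: the subnet is a /24, so x.x.x.255 is its broadcast address.
    net = ipaddress.ip_network(f"{m['src']}/{prefix_len}", strict=False)
    return {
        "chain": m["chain"], "action": m["action"], "iface": m["iface"],
        "proto": proto, "src": m["src"], "dst": m["dst"], "dport": dport,
        "service": SERVICES.get((proto, dport), "unknown"),
        "broadcast": ipaddress.ip_address(m["dst"]) == net.broadcast_address,
        "rule": int(m["rule"]) if m["rule"] else None,
    }

def summarise(lines, prefix_len=24):
    """Count entries per (src, dst, proto, service, broadcast, rule) tuple."""
    counts = Counter()
    for line in lines:
        e = parse(line, prefix_len)
        if e:
            key = (e["src"], e["dst"], e["proto"], e["service"], e["broadcast"], e["rule"])
            counts[key] += 1
    return counts
```

Passing a different `prefix_len` covers subnets where .255 is not the broadcast address.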
