On Thu, Apr 19, 2001 at 01:38:07PM -0600, Robert Kerr wrote: > I'm using a cable modem, and have it firewalled at my box. Every now and > then I get the following messages on the current console > > Packet log: input REJECT eth0 PROTO=17 65.6.x.x:513 > 65.255.255.255:513 > L=160 S=0x00 I=20143 F=0x0000 T=64 (#5) > 24.7.73.5 sent an invalid ICMP error to a broadcast. > 24.7.73.5 sent an invalid ICMP error to a broadcast. > > where the 65.6.x.x is my address. > > Why are these coming? Are they warning me of something important? and > if not, can I send them to a log instead of my console? The first thing *might* be important. The REJECTed stuff is the result of broadcast 'rwho' info. rwho is used to list all the users on all hosts on the network. Are you running rwhod? rstatd? Do you need them? The other stuff could also conceivably be some kind of denial of service (ICMP flood) attack directed at 24.7.73.5. It is possible that somebody forged an ICMP packet from that host to your, with the intent of generating some kind of response from all hosts on that broadcast address. If all hosts on that network responded, it could send huge amounts of traffic heading toward 24.7.73.5, presumably saturating their network link. It could be that, or it could be something less malicious. I doubt it's anything that you need to worry about, in either case. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpSpPTSuSKOt.pgp
Description: PGP signature