
Re: firewall log messages



Hmmm... that is rather strange. PROTO=17 is the icmp
protocol, but there is definitely no icmp type 513. Also,
according to the log, you are receiving a packet from your
address over your ethernet card... which is questionable
at best. However, I can't think of any hacking purpose
for sending such a packet, and so I tend to think that it
was generated erroneously from someplace. My suggestion
is to silently DENY anything that reaches your box that
isn't destined for you. Lots of weirdness will be quietly
discarded that way.

On Thu, Apr 19, 2001 at 01:38:07PM -0600, Robert Kerr wrote:
> I'm using a cable modem, and have it firewalled at my box.  Every now and
> then I get the following messages on the current console
> 
> Packet log: input REJECT eth0 PROTO=17 65.6.x.x:513
> 65.255.255.255:513
> L=160 S=0x00 I=20143 F=0x0000 T=64 (#5)
> 24.7.73.5 sent an invalid ICMP error to a broadcast.
> 24.7.73.5 sent an invalid ICMP error to a broadcast.
> 
> where the 65.6.x.x is my address.
> 
> Why are these coming?   Are they warning me of something important? and
> if not, can I send them to a log instead of my console?

I would imagine that those messages are being logged... look
at /var/logs/kernel and/or /var/logs/messages (or try using
grep to find them). If you can't find them, make sure that
your firewall is logging everything somewhere, preferably
through syslog (if you're using ipchains or iptables, it
will be logging through syslog). Finally, take a look at
/etc/syslog.conf to make sure that everything is being
logged somewhere.

-- 
John Patton                      patton66@home.com
Get my GnuPG public key: finger john@24.22.215.225

"Wise men talk because they have something to say;
fools, because they have to say something."
- Plato (429-347 BC)
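
A small parser for the ipchains "Packet log:" line quoted in this thread, added here as an example and not part of the original messages; it names the PROTO number and port fields using the IANA assignments and flags broadcast or self-sourced packets. The sample line fills the masked octets with constructed private addresses, and `local_addr` and `local_net` are assumed values supplied by the caller.

```python
import ipaddress
import re

# ipchains (Linux 2.2) "Packet log:" layout: chain, action, interface, IP protocol
# number, src:port, dst:port, L=length, S=TOS, I=IP id, F=frag field, T=TTL, (#rule).
# \s+ between address fields tolerates the line wrapping seen on the console.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
IP_PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}   # IANA protocol numbers
UDP_SERVICES = {513: "who"}                       # IANA: 513/udp is "who" (rwhod)

def parse_packet_log(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["proto_name"] = IP_PROTOCOLS.get(rec["proto"], "proto-%d" % rec["proto"])
    return rec

def triage(rec, local_addr, local_net):
    """Describe the packet relative to this host (local_addr/local_net are assumed)."""
    net = ipaddress.ip_network(local_net)
    notes = []
    if rec["proto_name"] == "icmp":
        # For ICMP, ipchains logs the type and code in the two port positions.
        notes.append("icmp type=%d code=%d" % (rec["sport"], rec["dport"]))
    elif rec["proto_name"] == "udp" and rec["dport"] in UDP_SERVICES:
        notes.append("udp service: " + UDP_SERVICES[rec["dport"]])
    if ipaddress.ip_address(rec["dst"]) == net.broadcast_address:
        notes.append("destination is the subnet broadcast")
    if rec["src"] == local_addr:
        notes.append("source is this host's own address")
    return notes

# Constructed sample: same shape as the quoted log, masked octets replaced.
SAMPLE = ("Packet log: input REJECT eth0 PROTO=17 10.6.1.2:513 10.255.255.255:513 "
          "L=160 S=0x00 I=20143 F=0x0000 T=64 (#5)")
```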


