Re: Strange behavior
Hi John,
Your post contains longest line I've seen in any mail. Remember to wrap
your lines to 72 chars about. It'll be readable better.
It would be better if you enclose fragment of your log.
Check if you don't block transmission on lo interface,
check if your host protects itself i.e. if you block transmission
comming to the host (INPUT chain).
Regards
Chris
----- Original Message -----
From: "John DOE" <bacteria@petekmail.com>
To: <debian-user@lists.debian.org>
Sent: Friday, July 06, 2001 8:59 AM
Subject: Strange behavior
> Hello, I am a new debian user and someone still learning linux. I have
a small problem. My company is using a firewall created with Ipchains of
3 zones ( dmz - local - internet ) on a Intel Pentium Pro processor
machine running Debian 2.2r3 on it ( base system + mc + tcpdump +
nano ). Strangely enough one of the interfaces ( the internet
interface ) completely at arbitrary times start sending packets to
itself. Packet proto=1 sourceip:3 rd port to sourceip:1 st port s=0xc0
f=0x0000 t=255 log says. As far as I understand from this log the packet
sent is an ICMP packet from port 3 to tcpmux port ( icmp's have ports ?
knew they did not ) of size 13 hexadecimals not fragmented and time to
live is 255. But this is not possible. 1st no one can use this machine
as a terminal and no one can telnet to it's interfaces. 2nd rp_filter is
set to 1 for all interfaces ( in case of a spoof attack ) .
> Can anyone help me about that ? I am sure there is something I do not
know but what is it ?
>
> Thanx
> John.
>
> _____________________________________________________________
> Get your free e-mail account: http://www.petekmail.com
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: