Re: [OT] iptables q
On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:
> I have Firehol for iptables front-end and WordPress on Apache.
> Access to WP is restricted to me only, like this:
> interface ppp0 internet
> policy drop
> protection strong
> server http accept src 188.8.131.52
> So far so good.
> Now the question is: where do the messages in syslog come from, like these:
> Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT=
> MAC= SRC=184.108.40.206 DST=200.57.20
> 1.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026
> because that source does not exist:
> hugo@debian:~$ host 220.127.116.11
> 18.104.22.168 does not exist, try again
Just because you can't resolve an IP address does not mean that it does
not exist. There is no rule that says IP address *have* to have dns
resolution. That IP is a valid address, so it is very possible that it
does exist. Whois info for it says that its from China, I suspect you
will be seeing lots of these, its fairly normal noise.
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.