[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] iptables q

On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:

> Hi,
> I have Firehol for iptables front-end and WordPress on Apache.
> Access to WP is restricted to me only, like this:
> interface ppp0 internet
>         policy drop
>         protection strong
>         ...
>         server http accept src
> So far so good.
> Now the question is: where do the messages in syslog come from, like these:
> Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT=
> MAC= SRC= DST=200.57.20
> 1.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026
> LEN=577
> because that source does not exist:
> hugo@debian:~$ host
> does not exist, try again
> Hugo


Just because you can't resolve an IP address does not mean that it does
not exist.  There is no rule that says IP address *have* to have dns
resolution. That IP is a valid address, so it is very possible that it
does exist.  Whois info for it says that its from China, I suspect you
will be seeing lots of these, its fairly normal noise.


8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.

Reply to: