
Re: [OT] iptables q

Jeff D wrote:
On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote:


I have Firehol for iptables front-end and WordPress on Apache.

Access to WP is restricted to me only, like this:

interface ppp0 internet
        policy drop
        protection strong
        server http accept src

So far so good.

Now the question is: where do the messages in syslog come from, like these:

Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT= MAC= SRC= DST=200.57.201.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026

because that source does not exist:

hugo@debian:~$ host does not exist, try again



Just because you can't resolve an IP address does not mean that it does
not exist.  There is no rule that says IP addresses *have* to have DNS
resolution. That IP is a valid address, so it is very possible that it
does exist.  Whois info for it says that it's from China, I suspect you
will be seeing lots of these, it's fairly normal noise.

Thanks Jeff! Whois is the answer.
I am honored to drop the Hei Long Jiang province education committee ;-)
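
To judge how much of this is background noise, the logged drops can be grouped by source address. The following is an added example, not part of the thread: a Python parser for the kernel LOG line format quoted above. The sample lines and their addresses are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the LOG format quoted in the thread.
# All addresses are RFC 5737 documentation addresses, not values from the page.
SAMPLE_LOG = """\
Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026
Jan 15 10:09:40 debian kernel: [42771.112003] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56369 DPT=1027
Jan 15 10:11:02 debian kernel: [42853.900412] ''IN-internet':'IN=ppp0 OUT= MAC= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 15 10:12:00 debian CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
"""

# KEY=value pairs; the value may be empty (OUT=, MAC=).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# Bare words without '=' are flags; URGP=0 must not be read as the URG flag.
FLAG_RE = re.compile(r"(?<![=\w])(DF|SYN|ACK|FIN|RST|PSH|URG)(?![=\w])")


def parse_line(line):
    """Return a dict for one netfilter LOG line, or None for other syslog lines."""
    start = line.find("IN=")
    if "kernel:" not in line or start == -1:
        return None
    body = line[start:]  # skip timestamp, host and the firewall's log prefix
    rec = dict(FIELD_RE.findall(body))
    rec["FLAGS"] = FLAG_RE.findall(body)
    return rec


def by_source(log_text):
    """Group logged packets by source: packet count and distinct PROTO/DPT targets."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = stats[rec.get("SRC") or "(no SRC)"]
        entry["packets"] += 1
        # ICMP and similar entries carry no DPT field.
        entry["ports"].add(f"{rec.get('PROTO', '?')}/{rec.get('DPT', '-')}")
    return dict(stats)


if __name__ == "__main__":
    ranked = sorted(by_source(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["packets"])
    for src, e in ranked:
        print(f"{e['packets']:3d}  {src:15s} {', '.join(sorted(e['ports']))}")
```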
