Re: Weird!
From: Charles Heselton (charles.heselton_at_gmail.com)
Date: 07/06/04
Date: Tue, 6 Jul 2004 12:13:27 -0700
To: Kostas K <acezerocool@yahoo.com>
On 5 Jul 2004 22:22:22 -0000, Kostas K <acezerocool@yahoo.com> wrote:
>
>
> IN=ppp0 OUT= MAC= SRC=xxx.xx.xxx.xxx DST=aa.aaa.aaa.aaa LEN=76 TOS=0x18 PREC=0x20 TTL=45 ID=56552 PROTO=ICMP TYPE=3 CODE=1 [SRC=aa.aaa.aaa.aaa DST=192.168.1.100 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=16249 DF PROTO=TCP SPT=1730 DPT=4662 WINDOW=16384 RES=0x00 SYN URGP=0 ]
>
> I get some weird logs from iptables. Someone is trying to ping me (using a C class IP) with no result, since it gets the message of host unreachable.
> The weird thing, or perhaps the thing that I can't understand, is why the destination address in the first row is the same as the src in the second row, which seems to scan a C class IP which happens to be private, while I am using a 10.0.0.0/24 network.
>
> Any ideas?
>
> Cheers.
>
This looks like a combination of a couple log entries. I've never
seen duplicated fields (DST=, SRC=, etc.) in IPTables logging data.
But, assuming that it is one log entry, depending on your network
config, it looks like your IPTables is picking up both sides (pre-NAT
& post-NAT) of something that is being NAT'd. Possibly bounced....
--
Charlie Heselton
Network Security Engineer
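
Added example, not part of the thread: the netfilter LOG target prints the header of the packet quoted inside an ICMP error between square brackets, so an entry shaped like the quoted one can be split into an outer (ICMP) and an inner (original packet) field set. The sample line is constructed from the quoted entry with the masked addresses replaced by documentation-range placeholders; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample modelled on the quoted entry; masked addresses are
# replaced with placeholders 198.51.100.7 and 203.0.113.20.
SAMPLE = ("IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.20 LEN=76 TOS=0x18 "
          "PREC=0x20 TTL=45 ID=56552 PROTO=ICMP TYPE=3 CODE=1 "
          "[SRC=203.0.113.20 DST=192.168.1.100 LEN=48 TOS=0x00 PREC=0x00 "
          "TTL=109 ID=16249 DF PROTO=TCP SPT=1730 DPT=4662 WINDOW=16384 "
          "RES=0x00 SYN URGP=0 ]")

UNREACH = {0: "net unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable"}

def _fields(text):
    """Split KEY=value tokens into a dict; bare tokens (DF, SYN) become flags."""
    out = {"flags": []}
    for tok in text.split():
        key, sep, val = tok.partition("=")
        if sep:
            out[key] = val
        else:
            out["flags"].append(tok)
    return out

def parse_log(line):
    """Return (outer, inner) field dicts; inner is None without a [SRC=...] part."""
    m = re.search(r"\[(SRC=[^\]]*)\]", line)
    inner = _fields(m.group(1)) if m else None
    outer_text = line[:m.start()] + line[m.end():] if m else line
    return _fields(outer_text), inner

def describe(line):
    """Summarise an ICMP destination-unreachable entry and its quoted packet."""
    outer, inner = parse_log(line)
    info = {"icmp_error": False}
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3" and inner:
        info["icmp_error"] = True
        info["reason"] = UNREACH.get(int(outer["CODE"]), "other")
        # True when the error is addressed to the quoted packet's source.
        info["returned_to_sender"] = inner["SRC"] == outer["DST"]
        # is_private covers RFC 1918 and other non-global ranges.
        info["original_dst_private"] = ipaddress.ip_address(inner["DST"]).is_private
        info["original_flow"] = (inner.get("PROTO"), inner.get("SPT"), inner.get("DPT"))
    return info

if __name__ == "__main__":
    print(describe(SAMPLE))
```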