Re: Weird!

From: Kostas K (acezerocool_at_yahoo.com)
Date: 07/06/04

  • Next message: Ansgar -59cobalt- Wiechers: "Re: Weird!"
    Date: 6 Jul 2004 21:18:03 -0000
    To: focus-linux@securityfocus.com
    
    
    In-Reply-To: <20040706184555.B13533@planetcobalt.net>

    I am using eMule specifically, so the src=xxx.xx.xxx.xxx sent me an ICMP 3-0 indicating that src=aa.aaa.aaa.aaa (which is my IP address) cannot access dst=192.168.1.100.

    I have a LAN (3 PCs), but why is this happening?

    Thanks,

    Kostas

    IN=ppp0 OUT= MAC= SRC=xxx.xx.xxx.xxx DST=aa.aaa.aaa.aaa LEN=76
     TOS=0x18 PREC=0x20 TTL=45 ID=56552 PROTO=ICMP TYPE=3 CODE=1
     [SRC=aa.aaa.aaa.aaa DST=192.168.1.100 LEN=48 TOS=0x00 PREC=0x00
     TTL=109 ID=16249 DF PROTO=TCP SPT=1730 DPT=4662 WINDOW=16384 RES=0x00
     SYN URGP=0 ]
     
     I get some weird logs from iptables. Someone is trying to ping me
     (using a class C IP) with no result, since it gets the host
     unreachable message. The weird thing, or perhaps the thing that I can't
     understand, is why the destination address in the first row is the same
     as the src in the second row, which seems to scan a class C IP which
     happens to be private, while I am using a 10.0.0.0/24 network.
     
     Any ideas?

    Someone with source address aa.aaa.aaa.aaa (a dialup address?) is trying
    to access a host 192.168.1.100:4662 (maybe eDonkey or something), which
    doesn't exist. That's why xxx.xx.xxx.xxx is sending Destination
    Unreachable messages to aa.aaa.aaa.aaa (the source address of the
    original request).

    HTH

    Regards
    Ansgar Wiechers
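
The log entry discussed in this thread can be read mechanically: the fields before the brackets are the ICMP error that arrived on ppp0, and the bracketed part is the header of the original packet that triggered it. The following is an added example, not part of either poster's message; the function names are hypothetical, and documentation addresses stand in for the masked xxx.xx.xxx.xxx and aa.aaa.aaa.aaa values.

```python
import ipaddress
import re

# Constructed sample: the thread's log entry with the masked addresses replaced
# (198.51.100.7 = reporting router, 203.0.113.25 = the logging host's public IP).
SAMPLE = (
    "IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.25 LEN=76 "
    "TOS=0x18 PREC=0x20 TTL=45 ID=56552 PROTO=ICMP TYPE=3 CODE=1 "
    "[SRC=203.0.113.25 DST=192.168.1.100 LEN=48 TOS=0x00 PREC=0x00 "
    "TTL=109 ID=16249 DF PROTO=TCP SPT=1730 DPT=4662 WINDOW=16384 RES=0x00 "
    "SYN URGP=0 ]"
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable", 3: "port unreachable"}

def _fields(text):
    """Turn KEY=value tokens into a dict; bare tokens (DF, SYN) become flags."""
    out = {"flags": []}
    for tok in text.split():
        key, sep, val = tok.partition("=")
        if sep:
            out[key] = val
        else:
            out["flags"].append(tok)
    return out

def parse_icmp_error(line):
    """Split a LOG entry into the ICMP header and the quoted packet in [...]."""
    m = re.search(r"^(.*?)\[(.*)\]\s*$", line)
    if not m:
        raise ValueError("no quoted packet in brackets")
    return _fields(m.group(1)), _fields(m.group(2))

def summarize(line):
    """Say who reported the error, about which packet, and sent by whom."""
    outer, inner = parse_icmp_error(line)
    if outer.get("PROTO") != "ICMP" or outer.get("TYPE") != "3":
        raise ValueError("not an ICMP destination unreachable entry")
    target = ipaddress.ip_address(inner["DST"])
    return {
        "reporter": outer["SRC"],
        "reason": UNREACH_CODES.get(int(outer["CODE"]), "code " + outer["CODE"]),
        "original_sender": inner["SRC"],
        "target": f'{inner["DST"]}:{inner["DPT"]}/{inner["PROTO"].lower()}',
        # An ICMP error is addressed to the sender of the quoted packet.
        "returned_to_sender": outer["DST"] == inner["SRC"],
        # RFC 1918 addresses are not routed on the public Internet.
        "target_is_rfc1918": any(target in net for net in RFC1918),
    }
```

When `returned_to_sender` is true and the original sender is the logging host's own address, the quoted SYN left that host, so the entry records an outbound connection attempt rather than an inbound probe.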

