RE: Weird entries in my firewall

From: Stephane Auger (kronos666_at_gmail.com)
Date: 09/06/05

    To: <security-basics@securityfocus.com>
    Date: Tue, 6 Sep 2005 09:45:52 -0400
    
    

    Found it.... it was the agent for Promise FastTrak RAID. It broadcasts on
    the network to find other RAID cards on the network. Not an impact on the
    network, they say. And since my firewall is blocking them, I'm not worried.

    Thanks anyway!

    -----Original Message-----
    From: Fósforo [mailto:fosforo@gmail.com]
    Sent: August 30, 2005 7:23 PM
    To: security-basics@securityfocus.com
    Subject: Re: Weird entries in my firewall

    First I would suggest you block any packets coming from the external
    interface with valid internal IPs:
      
      iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j LOG --log-prefix "spoof: "
      iptables -A INPUT -i eth? -p all -s 192.168.0.0/16 -j DROP
      
      If you are still having the same problems, I suggest reviewing your net
    topology (maybe blocking broadcast).
      
      t+

    30 Aug 2005 15:31:01 -0000, kronos666@gmail.com <kronos666@gmail.com>:
    > Hi list,
    >
    > I've been getting these weird entries in my firewall (iptables) for a
    > while...
    >
    > BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP
    >
    > Now, the source is the internal IP of my server, which is not connected to
    > the firewall. It's as if the traffic goes through the external interface
    > using the internal ip, and always broadcasts to port 712. Two of my servers
    > are doing that.
    >
    > Has anyone ever seen something like this? It has me completely stumped.
    >
    > Thanks!
    >

    -- 
    ---------------------------------------------------------
    I'm not the one who sits
    On the throne of an apartment
    With my mouth gaping wide
    Full of teeth, waiting for death to arrive
    Because far from the flag-decked fences
    That separate backyards
    On the calm summit of my eye that sees
    Settles the resonant shadow
    Of a flying saucer...
    Raul Seixas
    ---------------------------------------------------------
    >>>Fósforo<<<
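
Added example, not part of either poster's message: a small triage script for the kind of log line quoted in the thread. It counts packets whose source is in 192.168.0.0/16 but which were logged on an interface other than the LAN side, grouped by source host and destination port so a broadcasting agent stands out. The field layout is inferred from the single line in the thread, and the interface name "LAN" and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed layout, taken from the one line in the thread:
# ACTION TIME IFACE SRC, port N DST, port N PROTO
LINE_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+), port (?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+), port (?P<dport>\d+)\s+(?P<proto>\S+)$")
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # range in the thread's rules
BROADCAST = ipaddress.ip_address("255.255.255.255")

def parse_line(line):
    """Return typed fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
        return None
    rec["dport"] = int(rec["dport"])
    return rec

# internal_ifaces is a hypothetical name list; set it to your LAN-side names.
def internal_sources_on_other_ifaces(lines, internal_ifaces=("LAN",)):
    """Count internal-range sources logged on interfaces not in internal_ifaces."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["iface"] in internal_ifaces:
            continue
        if rec["src"] in INTERNAL_NET:
            # key: (iface, source host, dest port, protocol, is limited broadcast)
            hits[(rec["iface"], str(rec["src"]), rec["dport"], rec["proto"],
                  rec["dst"] == BROADCAST)] += 1
    return hits

# Constructed sample: the first line is from the thread, the rest are made up.
SAMPLE = [
    "BLOCK 12:29:37.371982 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP",
    "BLOCK 12:29:42.118204 OPT1 192.168.0.50, port 2401 255.255.255.255, port 712 UDP",
    "BLOCK 12:29:39.004511 OPT1 192.168.0.51, port 2401 255.255.255.255, port 712 UDP",
    "BLOCK 12:30:02.650019 OPT1 203.0.113.9, port 40112 198.51.100.4, port 22 TCP",
    "BLOCK 12:30:05.000000 LAN 192.168.0.7, port 5353 255.255.255.255, port 5353 UDP",
]
```

Calling `internal_sources_on_other_ifaces(SAMPLE).most_common()` lists the noisiest host first, which is the machine to check for a discovery agent or a second network path.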
    
