Re: Denied Packets from Internal Network

From: David (thunderbolt01@netscape.net)
Date: 04/08/02


From: David <thunderbolt01@netscape.net>
Date: Mon, 08 Apr 2002 14:54:25 -0500

Randy C wrote:
> I have a Caldera install on my network server. I am using a proxy server
> with an ipchains type firewall. I recently noticed entries in my log file
> that indicate my server's internal IP is trying to send out packets about
> every one second and the port number increases by 3 each time. Is this the
> result of someone from the outside trying to route packets through my
> internal network and to make it look like they are coming from my system?
>
> The log entry looks like
>
> Apr 8 time machine_name kernel: Packet log: input DENY eth1 PROTO=17
> 192.168.1.1:1499 L=44 S=0x00 I=31239 F=0x000 T=128 (#24)
>

Take a look at rule number 24 on your firewall. It is what is "DENY"ing
the packet thus the (#24) at the end of the line.

-- 
Confucius say: He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org