Re: Denied Packets from Internal Network
From: David (thunderbolt01@netscape.net)Date: 04/08/02
- Next message: Randy C: "Re: Denied Packets from Internal Network"
- Previous message: drumstik: "Re: Help with Snort alerts"
- In reply to: Randy C: "Denied Packets from Internal Network"
- Next in thread: Randy C: "Re: Denied Packets from Internal Network"
- Reply: Randy C: "Re: Denied Packets from Internal Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: David <thunderbolt01@netscape.net> Date: Mon, 08 Apr 2002 14:54:25 -0500
Randy C wrote:
> I have a Caldera install on my network server. I am using a proxy server
> with an ipchains type firewall. I recently noticed entries in my log file
> that indicate my server's internal IP is trying to send out packets about
> every one second and the port number increases by 3 each time. Is this the
> result of someone from the outside trying to route packets through my
> internal network and to make it look like they are coming from my system?
>
> The log entry looks like
>
> Apr 8 time machine_name kernel: Packet log: input DENY eth1 PROTO=17
> 192.168.1.1:1499 L=44 S=0x00 I=31239 F=0x000 T=128 (#24)
>
Take a look at rule number 24 on your firewall. It is what is "DENY"ing
the packet thus the (#24) at the end of the line.
-- Confucius say: He who play in root, eventually kill tree. Registered with the Linux Counter. http://counter.li.org
- Next message: Randy C: "Re: Denied Packets from Internal Network"
- Previous message: drumstik: "Re: Help with Snort alerts"
- In reply to: Randy C: "Denied Packets from Internal Network"
- Next in thread: Randy C: "Re: Denied Packets from Internal Network"
- Reply: Randy C: "Re: Denied Packets from Internal Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
