outgoing 10.x.x.x packets being logged
From: H. S. (g_reate_xcalibur_at_yahoo.com)
Date: 05/18/04
- Next message: Nils Juergens: "Re: How to audit machine?"
- Previous message: Mike Oliver: "Re: iptables newbie"
- Next in thread: H. S.: "Re: outgoing 10.x.x.x packets being logged"
- Reply: H. S.: "Re: outgoing 10.x.x.x packets being logged"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 May 2004 02:35:56 -0400
I am running Debian Sarge as a router. The box has eth0 connected to an
ADSL modem, and eth1 connected to a switch to which my home computers
are connected.
My internal home network is 192.168.x.x.
Network cards congif is:
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.0.0.0
network 10.0.0.0
broadcast 10.0.0.255
#used 10.x.x.x just to have eth0 on different network than eth1
auto eth1
iface eth1 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
I have a firewall setup. Among other things, it stops all packets
addressed to 192.168.x.x going to ppp0, my ADSL modem. Now, in the
/var/log/syslog file, I see the lines given below. If somebody could
explain what is going on, it would be great. It seems that packets
addressed to 10.x.x.x destined towards eth0 are being logged. But where
are these packets coming from? How do I find out what applications is
trying to send these packets?
Thanks,
->HS
PS: I am no expert in TCP/IP, though I have an overall understanding
what each line of my firewall does.
LOG lines:
May 17 07:15:36 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58271 DF PROTO=TCP
SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:15:39 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58272 DF PROTO=TCP
SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:17:01 localhost /USR/SBIN/CRON[4798]: (root) CMD ( run-parts
--report /etc/cron.hourly)
May 17 07:30:36 localhost kernel: PingOfDeath: IN=ppp0 OUT= MAC=
SRC=218.18.38.233 DST=65.92.22.19 LEN=60 TOS=0x00 PREC=0x00 TTL=31
ID=27559 DF PROTO=TCP SPT=46311 DPT=49318 WINDOW=5808 RES=0x00 RST SYN
URGP=0
May 17 07:36:47 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1662 DF PROTO=TCP
SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:36:50 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1663 DF PROTO=TCP
SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:54:34 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.135.187.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30331 DF PROTO=TCP
SPT=51463 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:54:37 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.135.187.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30332 DF PROTO=TCP
SPT=51463 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 08:01:49 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.10.5.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35286 DF PROTO=TCP
SPT=52094 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 08:01:52 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
DST=10.10.5.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35287 DF PROTO=TCP
SPT=52094 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
-- (Please remove all underscores from my email address to get the correct one. Apologies for the inconvenience, but this is to reduce spam.)
- Next message: Nils Juergens: "Re: How to audit machine?"
- Previous message: Mike Oliver: "Re: iptables newbie"
- Next in thread: H. S.: "Re: outgoing 10.x.x.x packets being logged"
- Reply: H. S.: "Re: outgoing 10.x.x.x packets being logged"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
