Re: outgoing 10.x.x.x packets being logged

From: H. S. (g_reate_xcalibur_at_yahoo.com)
Date: 05/18/04

    Date: Tue, 18 May 2004 19:45:30 GMT
    
    

    H. S. wrote:
    >
    > I am running Debian Sarge as a router. The box has eth0 connected to an
    > ADSL modem, and eth1 connected to a switch to which my home computers
    > are connected.
    >
    > My internal home network is 192.168.x.x.
    >
    > Network cards config is:
    >
    > auto eth0
    > iface eth0 inet static
    > address 10.0.0.1
    > netmask 255.0.0.0
    > network 10.0.0.0
    > broadcast 10.0.0.255
    > #used 10.x.x.x just to have eth0 on different network than eth1
    >
    >
    > auto eth1
    > iface eth1 inet static
    > address 192.168.0.2
    > netmask 255.255.255.0
    > network 192.168.0.0
    > broadcast 192.168.0.255
    >
    >
    > I have a firewall setup. Among other things, it stops all packets
    > addressed to 192.168.x.x going to ppp0, my ADSL modem. Now, in the
    > /var/log/syslog file, I see the lines given below. If somebody could
    > explain what is going on, it would be great. It seems that packets
    > addressed to 10.x.x.x destined towards eth0 are being logged. But where
    > are these packets coming from? How do I find out what application is
    > trying to send these packets?
    >
    > Thanks,
    > ->HS
    > PS: I am no expert in TCP/IP, though I have an overall understanding
    > what each line of my firewall does.
    >
    > LOG lines:
    >
    > May 17 07:15:36 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58271 DF PROTO=TCP
    > SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    > May 17 07:15:39 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58272 DF PROTO=TCP
    > SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    > May 17 07:17:01 localhost /USR/SBIN/CRON[4798]: (root) CMD ( run-parts
    > --report /etc/cron.hourly)
    > May 17 07:30:36 localhost kernel: PingOfDeath: IN=ppp0 OUT= MAC=
    > SRC=218.18.38.233 DST=65.92.22.19 LEN=60 TOS=0x00 PREC=0x00 TTL=31
    > ID=27559 DF PROTO=TCP SPT=46311 DPT=49318 WINDOW=5808 RES=0x00 RST SYN
    > URGP=0
    > May 17 07:36:47 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1662 DF PROTO=TCP
    > SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    > May 17 07:36:50 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1663 DF PROTO=TCP
    > SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    > May 17 07:54:34 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.135.187.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30331 DF PROTO=TCP
    > SPT=51463 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    > May 17 07:54:37 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.135.187.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30332 DF PROTO=TCP
    > SPT=51463 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    > May 17 08:01:49 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.10.5.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35286 DF PROTO=TCP
    > SPT=52094 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    > May 17 08:01:52 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
    > DST=10.10.5.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35287 DF PROTO=TCP
    > SPT=52094 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
    >
    >

    I guess comp.os.linux.security is not a high frequency newsgroup,
    perhaps comp.os.linux.networking will be helpful. Hence this post to
    networking.

    Followups are all set to networking.

    ->HS

    -- 
    (Remove all underscores, if any, from my email address to get the correct 
    one. Apologies for the inconvenience but this is to reduce spam.)
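
An added example, not part of the original post: a small parser for the netfilter LOG entries quoted above that keeps only TCP SYNs the router itself generated (empty `IN=`, non-empty `OUT=`) and groups them by destination and port. The names `parse` and `local_syns` are illustrative, and the sample is copied from the post with the wrapped lines re-joined.

```python
import re
from collections import defaultdict

# Sample input: five entries copied from the post, re-joined onto one line each
# (they are wrapped in the post), plus the unrelated cron line between them.
SAMPLE = """\
May 17 07:15:36 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58271 DF PROTO=TCP SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:15:39 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58272 DF PROTO=TCP SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:17:01 localhost /USR/SBIN/CRON[4798]: (root) CMD ( run-parts --report /etc/cron.hourly)
May 17 07:30:36 localhost kernel: PingOfDeath: IN=ppp0 OUT= MAC= SRC=218.18.38.233 DST=65.92.22.19 LEN=60 TOS=0x00 PREC=0x00 TTL=31 ID=27559 DF PROTO=TCP SPT=46311 DPT=49318 WINDOW=5808 RES=0x00 RST SYN URGP=0
May 17 07:36:47 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1 DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1662 DF PROTO=TCP SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 07:36:50 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1 DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1663 DF PROTO=TCP SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=VALUE; the value may be empty (IN=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse(line):
    """Return the fields of one netfilter LOG entry, or None for other syslog lines."""
    _, sep, body = line.partition(" kernel: ")
    if not sep or "OUT=" not in body:
        return None
    fields = dict(FIELD.findall(body))
    fields["flags"] = TCP_FLAGS.intersection(body.split())  # flags are bare words
    return fields


def local_syns(text):
    """Map (DST, DPT) -> {source port: SYN count} for packets the box itself sent."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        f = parse(line)
        if f is None or f.get("PROTO") != "TCP":
            continue
        # Empty IN= with an OUT= device means the packet was generated locally,
        # not forwarded from another interface.
        local = f.get("IN") == "" and f.get("OUT")
        if local and f["flags"] == {"SYN"}:
            seen[(f["DST"], int(f["DPT"]))][int(f["SPT"])] += 1
    return {dst: dict(ports) for dst, ports in seen.items()}


if __name__ == "__main__":
    for (dst, dpt), ports in local_syns(SAMPLE).items():
        print(f"{dst}:{dpt}  source ports and SYN counts: {ports}")
```

On the sample, every locally generated entry is a bare SYN to TCP port 2500, repeated once from the same source port about three seconds later, which is how an unanswered connection attempt looks in the log.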
    
