Re: Truncated firewall log entries.
From: Trygve Selmer (trselmer_at_start.no)
Date: 07/16/05
- Next message: Nekromancer: "Re: System slowdown with multiple nmaps"
- Previous message: Mr. Boy: "Re: System slowdown with multiple nmaps"
- In reply to: scud: "Re: Truncated firewall log entries."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 16 Jul 2005 01:14:09 +0200
scud wrote:
> Tauno Voipio wrote:
>
>> Rincewind wrote:
>>
>>> I was just checking my firewall logs and found these two entries in
>>> among the usual rubbish:
>>>
>>> Jul 10 18:03:41 gateway kernel: IPTABLES-IN=eth1 OUT=
>>> MAC=00:c0:26:a5:02:46:00:0e:39:d1:58:8c:08:00 SRC=134.241.122.135
>>> DST=82.7.13.76 LEN=196 TOS=0x00 PREC=0x00 TTL=108 ID=26954 PROTO=46
>>> Jul 10 18:03:41 gateway kernel: IPTABLES-IN=eth1 OUT=
>>> MAC=00:c0:26:a5:02:46:00:0e:39:d1:58:8c:08:00 SRC=134.241.122.135
>>> DST=82.7.13.76 LEN=180 TOS=0x00 PREC=0x00 TTL=105 ID=31095 PROTO=46
>>> ......
>>
>>
>> The entries are not truncated: iptables cannot dissect
>> the protocol 46 any further - it's not TCP or UDP traffic
>> and as such there are no ports to report.
>>
> From iana.org:
>
> mpm-snd 46/tcp MPM [default send]
> mpm-snd 46/udp MPM [default send]
>
> A+
The dump says protocol 46 (which does not have any ports)!
TCP is protocol 6 and UDP is protocol 17.
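
The distinction drawn in this thread, as an added example that is not part of the original posts: a Python check that separates iptables LOG lines lacking port fields because the protocol has none from lines that really were cut off. The second and third sample lines are constructed, and the rule that TCP and UDP appear by name in PROTO= is an assumption noted in the code.

```python
import re

# Assumption: the LOG target writes PROTO=TCP / PROTO=UDP by name and a bare
# number for protocols it does not decode (as in the PROTO=46 lines above).
PORT_PROTOS = {"TCP", "6", "UDP", "17"}
IP_FIELDS = ("SRC", "DST", "LEN", "PROTO")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_fields(line):
    """Return the KEY=value pairs of one iptables LOG line as a dict."""
    return dict(FIELD_RE.findall(line))


def classify(line):
    """Classify a line as 'complete', 'no-ports-expected' or 'truncated'."""
    fields = parse_fields(line)
    if any(not fields.get(k) for k in IP_FIELDS):
        return "truncated"          # IP header fields themselves are missing
    if fields["PROTO"] not in PORT_PROTOS:
        return "no-ports-expected"  # e.g. PROTO=46: no SPT/DPT to report
    if fields.get("SPT") and fields.get("DPT"):
        return "complete"
    return "truncated"              # TCP/UDP line that lost its port fields


# First line is the entry quoted in the thread; the other two are constructed.
SAMPLES = [
    "Jul 10 18:03:41 gateway kernel: IPTABLES-IN=eth1 OUT= "
    "MAC=00:c0:26:a5:02:46:00:0e:39:d1:58:8c:08:00 SRC=134.241.122.135 "
    "DST=82.7.13.76 LEN=196 TOS=0x00 PREC=0x00 TTL=108 ID=26954 PROTO=46",
    "Jul 10 18:04:02 gateway kernel: IPTABLES-IN=eth1 OUT= SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=4411 DF PROTO=TCP "
    "SPT=3155 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Jul 10 18:04:05 gateway kernel: IPTABLES-IN=eth1 OUT= SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=4412 DF PROTO=TCP",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample[-40:])
```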