Re: strange packets from 192.168.1.126



Kevin VW <kl.vanw@xxxxxxxxx> writes:

Dear all,

I've recently noticed some packets coming in on port 22 (sshd) on my
external interface from the 192.168.1.0/24 network. I don't have any
local machines on this network and the packets are coming in on my WAN
interface (via my router). How is that possible? My understanding was
that this network was not routeable from the internet. I'm guessing
someone is try to get at my sshd server. Below are the packets. Is
there any way to get more info on where they are coming from?

Feb 20 20:02:14 tti kernel: iptables chain hostile: IN=eth1 OUT=
MAC=00:0e:0c:dd:73:16:00:11:6e:00:f9:70:08:00 SRC=192.168.1.126
DST=172.16.251.61 LEN=228 TOS=0x10 PREC=0x00 TTL=47 ID=19109 DF
PROTO=TCP SPT=38196 DPT=22 WINDOW=16022 RES=0x00 ACK PSH FIN URGP=0

I'm using iptables on a 2.6 Linux box.

Kevin,
I saw such stuff once in my firewall *incoming* as well and I think
an IP pkg with such private range src addr may arrive if the dst addr
is correct, but of course no answer through Internet to that src addr
is possible.

matthias
.



Relevant Pages

  • Re: strange packets from 192.168.1.126
    ... I've recently noticed some packets coming in on port 22 (sshd) on my ... external interface from the 192.168.1.0/24 network. ... local machines on this network and the packets are coming in on my WAN ...
    (comp.security.ssh)
  • strange packets from 192.168.1.126
    ... I've recently noticed some packets coming in on port 22 (sshd) on my ... external interface from the 192.168.1.0/24 network. ... local machines on this network and the packets are coming in on my WAN ...
    (comp.security.ssh)
  • strange packets from 192.168.1.126
    ... I've recently noticed some packets coming in on port 22 (sshd) on my ... external interface from the 192.168.1.0/24 network. ... local machines on this network and the packets are coming in on my WAN ...
    (comp.security.firewalls)
  • Re: strange packets from 192.168.1.126
    ... external interface from the 192.168.1.0/24 network. ... local machines on this network and the packets are coming in on my WAN ...
    (comp.security.firewalls)
  • Re: [opensuse] SuseFirewall IPv4 vs IPv6
    ... # network security threats. ... # Opening ports for LAN services in the external zone defeats the ... # this setting only works for packets destined for the local machine. ... # If the protocol is icmp then port is interpreted as icmp type ...
    (SuSE)