On Sat, Jul 05, 2003 at 01:12:35PM -0400, [email]dzpostdedekind.net[/email] wrote:PROTO=2 means it's IGMP, 'Internet Group Management'. I have no idea> The following report of a denied packet has been appearing about once
> or twice a day in my system logs:
> Jul 4 10:12:48 gateway kernel: Packet log:
> input DENY eth0 PROTO=2 0.0.0.0:65535 22.214.171.124:65535
> L=32 S=0x00 I=19572 F=0x0000 T=1 O=0x00000494 (#5)
what that means, though :)
I'm pretty sure the 224 addresses are related to IP Multicast. Hmmm, I> I think I understand why the packet is being blocked, but I'm more
> more concerned with what it is and where it's coming from. What does
> it mean for the source address to be 0.0.0.0? And what is 126.96.36.199?
guess I can't actually help, but maybe google will now that you have
some keywords :) Also, there's a debian-firewall list (on this very
server) which is full of nice people who probably know the proper answer
to your question.
Rob Weir <rweirertius.org> | [email]mlspamertius.org[/email] | Do I look like I want aCC?
Words of the day: offensive information warfare Lexis-Nexis kibo kilderkin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----