strange packet denial - Debian

  1. #1

    strange packet denial

    The following report of a denied packet has been appearing about once
    or twice a day in my system logs:

    Jul 4 10:12:48 gateway kernel: Packet log:
    input DENY eth0 PROTO=2 0.0.0.0:65535 224.0.0.2:65535
    L=32 S=0x00 I=19572 F=0x0000 T=1 O=0x00000494 (#5)

    My question is: What does this mean? This was on my gateway/firewall
    machine on a small home network, and eth0 is my internal interface.

    I think I understand why the packet is being blocked, but I'm
    more concerned with what it is and where it's coming from. What does
    it mean for the source address to be 0.0.0.0? And what is 224.0.0.2?

    This machine is running Debian 2.2 (potato) with kernel 2.2 using
    ipchains. My internal net uses the 192.168.x.x address range.

    Thanks for any help.

    --
    David Zelinsky
    dzpost@dedekind.net


    dzpost@dedekind.net Guest

  2. #2

    Re: strange packet denial

    On Sat, Jul 05, 2003 at 01:12:35PM -0400, dzpost@dedekind.net wrote:
    > The following report of a denied packet has been appearing about once
    > or twice a day in my system logs:
    >
    > Jul 4 10:12:48 gateway kernel: Packet log:
    > input DENY eth0 PROTO=2 0.0.0.0:65535 224.0.0.2:65535
    > L=32 S=0x00 I=19572 F=0x0000 T=1 O=0x00000494 (#5)

    PROTO=2 means it's IGMP, 'Internet Group Management'. I have no idea
    what that means, though :)

    > I think I understand why the packet is being blocked, but I'm
    > more concerned with what it is and where it's coming from. What does
    > it mean for the source address to be 0.0.0.0? And what is 224.0.0.2?

    I'm pretty sure the 224 addresses are related to IP Multicast. Hmmm, I
    guess I can't actually help, but maybe Google will now that you have
    some keywords :) Also, there's a debian-firewall list (on this very
    server) which is full of nice people who probably know the proper answer
    to your question.


    --
    Rob Weir <rweirertius.org> | mlspamertius.org | Do I look like I want a CC?
    Words of the day: offensive information warfare Lexis-Nexis kibo kilderkin

    Rob Weir Guest
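
An added example, not part of either post and not ipchains' own code: a Python decoder for the packet-log entry quoted in the thread, showing how each field reads (protocol number, unspecified source, multicast group, TTL). The field layout is inferred from that one sample line, and treating the port fields as meaningless outside TCP/UDP is an assumption of this example.

```python
import ipaddress
import re

# Constructed input: the log entry quoted in the thread, joined onto one line.
SAMPLE = ("Jul 4 10:12:48 gateway kernel: Packet log: input DENY eth0 PROTO=2 "
          "0.0.0.0:65535 224.0.0.2:65535 L=32 S=0x00 I=19572 F=0x0000 T=1 "
          "O=0x00000494 (#5)")

# Field layout taken from the sample line; O= and (#rule) are treated as optional.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) S=0x[0-9a-fA-F]+ "
    r"I=\d+ F=0x[0-9a-fA-F]+ T=(?P<ttl>\d+)"
    r"(?: O=0x[0-9a-fA-F]+)?(?: \(#(?P<rule>\d+)\))?")

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers
GROUPS = {"224.0.0.1": "all hosts on this subnet",       # IANA multicast registry
          "224.0.0.2": "all routers on this subnet"}

def describe_addr(text):
    addr = ipaddress.IPv4Address(text)
    if addr.is_unspecified:  # RFC 1122 "this host", used before an address is set
        return "unspecified (sender has no address configured yet)"
    if addr.is_multicast:    # 224.0.0.0/4
        return "multicast, " + GROUPS.get(text, "other group")
    return "private (RFC 1918)" if addr.is_private else "unicast"

def decode(line):
    """Return the decoded fields of one packet-log line, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto, ttl = int(m["proto"]), int(m["ttl"])
    has_ports = proto in (6, 17)  # port fields only carry ports for TCP and UDP
    return {
        "chain": m["chain"], "target": m["target"], "iface": m["iface"],
        "protocol": PROTOCOLS.get(proto, "protocol %d" % proto),
        "src": describe_addr(m["src"]), "dst": describe_addr(m["dst"]),
        "sport": int(m["sport"]) if has_ports else None,
        "dport": int(m["dport"]) if has_ports else None,
        "length": int(m["length"]),
        "link_local_only": ttl == 1,  # TTL 1 cannot cross a router
        "rule": int(m["rule"]) if m["rule"] else None,
    }

if __name__ == "__main__":
    for key, value in decode(SAMPLE).items():
        print("%-16s %s" % (key, value))
```

For the thread's entry this reports an IGMP packet from an unspecified source to the all-routers group with TTL 1, which means it originated on the segment attached to eth0.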
