[CLUE-Talk] Firewall Question?

Match Grun match at dimensional.com
Mon Jun 3 23:33:03 MDT 2002


Guys,

I have successfully rebuilt a Linux box and configured IPTABLES.
All bad packets are logged before I drop them (on the floor).
I notice that my log files grow to about 1.5Mb. I get to see most
all the cracker attempts. However, most of the bad packets that
are logged are UDP packets on port 520 from the Cisco DSL router
to the firewall. These packets are being sent out at 30 second
intervals.

Here is a sample log entry (I changed IP addresses):

Jun  3 23:06:46 slickrock kernel: IPT INPUT packet died: IN=eth1
  OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:d0:10:52:d9:08:00
  SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=52 TOS=0x00
  PREC=0x00 TTL=2 ID=23300 PROTO=UDP SPT=520 DPT=520 LEN=32

It seems that there are RIP packets. Is this normal traffic for
a router?

Match
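
One way to summarize a drop log like the one above, as an added example that is not part of the original post: it groups logged packets by source, protocol and destination port and reports any sender that repeats at a fixed interval. The sample lines, their addresses, and the names `summarize`, `year` and `jitter_s` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the format of the log entry above. Addresses are
# documentation-range placeholders, not values from the original post.
SAMPLE_LOG = """\
Jun  3 23:06:16 slickrock kernel: IPT INPUT packet died: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:d0:10:52:d9:08:00 SRC=192.0.2.1 DST=192.0.2.255 LEN=52 TOS=0x00 PREC=0x00 TTL=2 ID=23299 PROTO=UDP SPT=520 DPT=520 LEN=32
Jun  3 23:06:46 slickrock kernel: IPT INPUT packet died: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:d0:10:52:d9:08:00 SRC=192.0.2.1 DST=192.0.2.255 LEN=52 TOS=0x00 PREC=0x00 TTL=2 ID=23300 PROTO=UDP SPT=520 DPT=520 LEN=32
Jun  3 23:06:58 slickrock kernel: IPT INPUT packet died: IN=eth1 OUT= MAC=00:a0:c9:11:22:33:00:e0:d0:10:52:d9:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4411 DF PROTO=TCP SPT=3377 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Jun  3 23:07:16 slickrock kernel: IPT INPUT packet died: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:d0:10:52:d9:08:00 SRC=192.0.2.1 DST=192.0.2.255 LEN=52 TOS=0x00 PREC=0x00 TTL=2 ID=23301 PROTO=UDP SPT=520 DPT=520 LEN=32
Jun  3 23:07:46 slickrock kernel: IPT INPUT packet died: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:d0:10:52:d9:08:00 SRC=192.0.2.1 DST=192.0.2.255 LEN=52 TOS=0x00 PREC=0x00 TTL=2 ID=23302 PROTO=UDP SPT=520 DPT=520 LEN=32
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\s(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; empty values (OUT=) allowed
BROADCAST = "ff:ff:ff:ff:ff:ff"  # destination MAC comes first in the MAC= field


def summarize(log_text, year=2002, jitter_s=2):
    """Group dropped packets by (SRC, PROTO, DPT) and find fixed-interval senders."""
    # year is an assumption: syslog timestamps do not carry one.
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        f = dict(FIELD_RE.findall(m.group("rest")))
        if "PROTO" not in f:
            continue
        when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        key = (f.get("SRC"), f["PROTO"], f.get("DPT"))
        seen[key].append((when, f.get("MAC", "").startswith(BROADCAST)))
    report = {}
    for key, hits in seen.items():
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic means at least three packets whose spacing varies by <= jitter_s.
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter_s
        report[key] = {"count": len(times),
                       "period_s": median(gaps) if periodic else None,
                       "broadcast": all(b for _, b in hits)}
    return report


if __name__ == "__main__":
    for key, info in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"]):
        print(key, info)
```

A group with a steady `period_s` and `broadcast` set is a periodic announcement on the local segment rather than a probe aimed at the firewall, which is the kind of entry that can be dropped without logging to keep the log readable.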


