[CLUE-Talk] Firewall Question?

Match Grun match at dimensional.com
Wed Jun 5 22:19:04 MDT 2002 

Jim,

Thank you for the information. I have disabled the RIP using
"set rip disabled" command. I don't get any more of those UDP
packets. It is now much easier to see the cracking attempts
on the firewall!

Match


On Tue, 4 Jun 2002 08:17:24 -0600 (MDT)
Jim Ockers <ockers at ockers.net> wrote:

> Match,
> 
> RIP is just a routing protocol.  Cisco's DSL router evidently is
> running a RIP routing protocol.  If you do not need RIP the IOS
> command to get rid of it is "no router rip" .  If your DSL router
> is running CBOS there is probably an equivalent CBOS command to
> disable the routing protocol.
> 
> RIP is a standard component of multiprotocol routing software so
> it is not unusual for a Cisco product to include RIP routing.
> 
> > Guys,
> 
> > I have successfully rebuilt a Linux box and configured IPTABLES.
> > All bad packets are logged before I drop them (on the floor).
> > I notice that my log files grow to about 1.5Mb. I get to see most
> > all the cracker attempts. However, most of the bad packets that
> > are logged are UDP packets on port 520 from the Cisco DSL router
> > to the firewall. These packets are being sent out at 30 second
> > intervals.
> 
> > Here is a sample log entry (I changed IP addresses):
> 
> > Jun  3 23:06:46 slickrock kernel: IPT INPUT packet died: IN=eth1
> >   OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:d0:10:52:d9:08:00
> >   SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=52 TOS=0x00
> >   PREC=0x00 TTL=2 ID=23300 PROTO=UDP SPT=520 DPT=520 LEN=32
> 
> > It seems that there are RIP packets. Is this normal traffic for
> > a router?
> 
> > Match
> > _______________________________________________
> > CLUE-Talk mailing list
> > CLUE-Talk at clue.denver.co.us
> > http://clue.denver.co.us/mailman/listinfo/clue-talk
> 
> --
> Jim Ockers (ockers at ockers.net)
> Contact info: please see http://www.ockers.net/
> 
> Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
> at http://www.cauce.org/ .
> 
> _______________________________________________
> CLUE-Talk mailing list
> CLUE-Talk at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-talk

More information about the clue-talk mailing list