Match,

RIP is just a routing protocol.  Cisco's DSL router evidently is
running a RIP routing protocol.  If you do not need RIP the IOS
command to get rid of it is "no router rip" .  If your DSL router
is running CBOS there is probably an equivalent CBOS command to
disable the routing protocol.

RIP is a standard component of multiprotocol routing software so
it is not unusual for a Cisco product to include RIP routing.

> Guys,

> I have successfully rebuilt a Linux box and configured IPTABLES.
> All bad packets are logged before I drop them (on the floor).
> I notice that my log files grow to about 1.5Mb. I get to see most
> all the cracker attempts. However, most of the bad packets that
> are logged are UDP packets on port 520 from the Cisco DSL router
> to the firewall. These packets are being sent out at 30 second
> intervals.

> Here is a sample log entry (I changed IP addresses):

> Jun  3 23:06:46 slickrock kernel: IPT INPUT packet died: IN=eth1
>   OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:d0:10:52:d9:08:00
>   SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=52 TOS=0x00
>   PREC=0x00 TTL=2 ID=23300 PROTO=UDP SPT=520 DPT=520 LEN=32

> It seems that there are RIP packets. Is this normal traffic for
> a router?

> Match
> _______________________________________________
> CLUE-Talk mailing list
> CLUE-Talk@clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-talk

--
Jim Ockers (ockers@ockers.net)
Contact info: please see http://www.ockers.net/

Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
at http://www.cauce.org/ .