[CLUE-Tech] Question on firewall output
Kevin Fenzi
kevin at scrye.com
Sat Mar 24 09:45:51 MST 2001
>>>>> "ian" == ian <iguy at ionsphere.org> writes:
ian> Correct. Someone probed your port 12345 (a known weakness if you
ian> have that app running). You sent back an ICMP error message (the
ian> DENY) to the originating host.

Note that DENY just drops the packet with no response.
REJECT is the one that sends back an ICMP port unreachable.
With iptables you can even specify what kind of ICMP reply you want to
send with REJECT (icmp-net-unreachable, icmp-host-unreachable,
icmp-port-unreachable, icmp-proto-unreachable, icmp-net-prohibited or
icmp-host-prohibited, which return the appropriate ICMP error message
(port-unreachable is the default)).

ian> Unless you have a bunch more (assuming those DENY & REJECTS are
ian> configured to log) log messages, someone at 24.180.153.167
ian> (another @HOME address in PA) scanned that one port.
yep.
ian> That's what that means.
ian> ian
kevin
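
The two behaviours contrasted in the message above, as an added example that is not part of the original post: a script that prints (does not apply) iptables rules for a silent drop and for a REJECT with a chosen ICMP reply. The function names and log prefixes are hypothetical; iptables calls the ipchains DENY target DROP, and the accepted reply types are limited to the six listed in the message.

```shell
#!/bin/sh
# Added example: prints iptables rules; pipe the output to sh as root to load them.

# ICMP reply types named in the message for REJECT --reject-with.
REJECT_TYPES="icmp-net-unreachable icmp-host-unreachable icmp-port-unreachable icmp-proto-unreachable icmp-net-prohibited icmp-host-prohibited"

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# log_rule PORT PREFIX: log matching probes before the verdict rule.
log_rule() {
    printf 'iptables -A INPUT -p tcp --dport %s -j LOG --log-prefix "%s"\n' "$1" "$2"
}

# drop_rules PORT: discard silently, no reply to the prober (ipchains DENY).
drop_rules() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    log_rule "$1" "DROP probe: "
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$1"
}

# reject_rules PORT [TYPE]: discard and answer with an ICMP error.
reject_rules() {
    rport=$1
    rtype=${2:-icmp-port-unreachable}   # the default, per the message
    valid_port "$rport" || { echo "bad port: $rport" >&2; return 1; }
    case " $REJECT_TYPES " in
        *" $rtype "*) ;;
        *) echo "unknown reject type: $rtype" >&2; return 1 ;;
    esac
    log_rule "$rport" "REJECT probe: "
    printf 'iptables -A INPUT -p tcp --dport %s -j REJECT --reject-with %s\n' "$rport" "$rtype"
}

# Port 12345 is the one probed in the thread.
drop_rules 12345
reject_rules 12345 icmp-host-prohibited
```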