[CLUE-Tech] Question on firewall output
ian
iguy at ionsphere.org
Sat Mar 24 20:01:06 MST 2001
Thanks for that clear up. See what happens when you try to quickly
respond to an email while you're heading out the door to get on a
lottery to buy a house.
ian
On Sat, Mar 24, 2001 at 09:45:51AM -0700, Kevin Fenzi wrote:
> >>>>> "ian" == ian <iguy at ionsphere.org> writes:
>
> ian> Correct. Someone probed your port 12345 (a known weakness if you
> ian> have that app running). You sent back an ICMP error message (the
> ian> DENY) to the originating host.
>
> Note that DENY just drops the packet with no response.
> REJECT is the one that sends back an ICMP port unreachable.
>
> With iptables you can even specify what kind of ICMP reply you want to
> send with REJECT (icmp-net-unreachable, icmp-host-unreachable,
> icmp-port-unreachable, icmp-proto-unreachable, icmp-net-prohibited or
> icmp-host-prohibited, which return the appropriate ICMP error message
> (port-unreachable is the default))
>
> ian> Unless you have a bunch more (assuming those DENY & REJECTS are
> ian> configured to log) log messages, someone at 24.180.153.167
> ian> (another @HOME address in PA) scanned that one port.
>
> yep.
>
> ian> That's what that means.
> ian> ian
>
> kevin
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
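
Added example, not part of the original thread: a small Python log summarizer that applies the two points discussed above, telling a single-port probe from a wider scan by counting distinct destination ports per source, and noting whether the sender got an ICMP reply (REJECT) or silence (DENY). The ipchains-style "Packet log:" line layout, the sample lines, the `scan_threshold` value and the function name are assumptions; the thread does not quote the log line itself.

```python
import re
from collections import defaultdict

# Assumed ipchains (Linux 2.2) kernel log layout; not quoted in the thread.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>DENY|REJECT) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines. 24.180.153.167 is the source named in the thread;
# 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = """\
Mar 24 08:12:01 fw kernel: Packet log: input DENY eth0 PROTO=6 24.180.153.167:3312 192.0.2.10:12345 L=48 S=0x00 I=4211 F=0x4000 T=113 SYN (#7)
Mar 24 08:13:40 fw sshd[411]: Accepted password for kevin from 192.0.2.20
Mar 24 08:15:02 fw kernel: Packet log: input REJECT eth0 PROTO=6 198.51.100.7:4001 192.0.2.10:21 L=44 S=0x00 I=901 F=0x0000 T=52 SYN (#9)
Mar 24 08:15:02 fw kernel: Packet log: input REJECT eth0 PROTO=6 198.51.100.7:4002 192.0.2.10:23 L=44 S=0x00 I=902 F=0x0000 T=52 SYN (#9)
Mar 24 08:15:03 fw kernel: Packet log: input REJECT eth0 PROTO=6 198.51.100.7:4003 192.0.2.10:25 L=44 S=0x00 I=903 F=0x0000 T=52 SYN (#9)
Mar 24 08:15:03 fw kernel: Packet log: input REJECT eth0 PROTO=6 198.51.100.7:4004 192.0.2.10:80 L=44 S=0x00 I=904 F=0x0000 T=52 SYN (#9)
"""

def summarize(log_text, scan_threshold=3):
    """Group blocked packets by source address and classify each source."""
    ports = defaultdict(set)    # source -> distinct destination ports
    actions = defaultdict(set)  # source -> firewall verdicts seen
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a firewall packet-log line
        ports[m["src"]].add(int(m["dport"]))
        actions[m["src"]].add(m["action"])
    report = {}
    for src, seen in ports.items():
        if len(seen) >= scan_threshold:
            kind = "port scan"
        elif len(seen) == 1:
            kind = "single-port probe"
        else:
            kind = "multi-port probe"
        report[src] = {
            "kind": kind,
            "ports": sorted(seen),
            # DENY drops silently; only REJECT answers with an ICMP error.
            "icmp_reply_sent": "REJECT" in actions[src],
        }
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```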