Sep 14 19:41:44 jesus kernel: Packet log: \
input DENY eth1 PROTO=1 10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x0000
T=255 (#4)
Happens in bursts of ~7, once a day, maybe more
eth1 is the external interface, connected to a cable modem that is fully
transparent.
(That is I block all incoming/outgoing private LAN addresses and it still
works)
This is the only thing that I ever see coming in from a private address.
Protocol 1 is ICMP according to /etc/protocols.
10.34.15.1 seems to be other end of the cable modem bridge. (I made a route
and checked.)
The target ip is my box.
How do I read the ports in ICMP logs?
I'm sure it's legit, I just wanna know WTF my ISP is doing...
Thanks
Christian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]