Hello, On Thu, Sep 14, 2000 at 07:59:08PM +0200, Christian Pernegger wrote: > Sep 14 19:41:44 jesus kernel: Packet log: \ > input DENY eth1 PROTO=1 10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x0000 > T=255 (#4)
For ICMP protocol packets, the number following the source address should be the ICMP type and the number following the destination address should be the ICMP code. See the IPCHAINS-HOWTO (I'm not shouting, the name is written that way) at: http://www.linuxdoc.org Regards, Robert > > Happens in bursts of ~7, once a day, maybe more > > eth1 is the external interface, connected to a cable modem that is fully > transparent. > (That is I block all incoming/outgoing private LAN addresses and it still > works) > This is the only thing that I ever see coming in from a private address. > > Protocol 1 is ICMP according to /etc/protocols. > 10.34.15.1 seems to be other end of the cable modem bridge. (I made a route > and checked.) > The target ip is my box. > > How do I read the ports in ICMP logs? > > I'm sure it's legit, I just wanna know WTF my ISP is doing... > > Thanks > > Christian > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >