On Thu, Feb 08, 2001 at 10:04:30AM -0500, Matthew Micene wrote:
> On Thursday 08 February 2001 03:13 am, you wrote:
> > the deny line looks a little like this: [snip] input DENY eth0 PROTO=17
> > 127.0.0.1:2301 255.255.255.255:2301 [snip] (#32)
> > Is it possible that someone on the network is actually broadcasting to
> > everyone their attempt to connect to localhost? What is this? Could it
> > be coming from my box?
>
> You've hit the nail on the head, someone on the network is sending
> broadcast packets from localhost for some reason. Let's disect the packet
> to see what is up.
>
> input DENY eth0 -- This is coming from outside the firewall, assuming that
> eth0 is the NIC you have connected to the cable modem. So its someone
> else's misconfigured box.
Yes, eth0 is the external nic. The fact that it hit eth0 sort of made me
think that it wasn't me.
> PROTO=17 127.0.0.1:2301 255.255.255.255:2301-- These are UDP packets, so
> its a UDP broadcast of some sort. Port 2301 is listed as belonging to
> Compaq Insight Manager, and have seen some posts about people seeing
> similar broadcasts from boxes with this utility installed. It sounds like
> a misconfigured Compaq Server somewhere on the cable segment.
Yes, I have seen stuff on the net about this 2301 spamming everyone. I told
the isp, but they are taking their own sweet time doing anything about it.
Thanks alot for the help, I was afraid that I might have been spamming the
whole network.
--
Chris and Yoshiko Spackman
[EMAIL PROTECTED] (English)
[EMAIL PROTECTED] (Japanese)
www.openhistory.org
gratuitous quote:
"I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered. My life is my own."
-The Prisoner
