On Sun, 2003-08-31 at 09:46, engage wrote: > Since setting up Shorewall to discard bad/malformed packets, I've been getting > a lot of log entries like this. Why? I know that the displayed destination > address is a broadcast address. > > Aug 31 08:31:18 n0sq kernel: Shorewall:badpkt:DROP:IN=eth1 OUT= > MAC=ff:ff:ff:ff:ff:ff:00:09:e8:b4:c6:c3:08:00 SRC=0.0.0.0 DST=255.255.255.255 > LEN=576 TOS=0x00 PREC=0x00 TTL=128 ID=8093 PROTO=UDP SPT=68 DPT=67 LEN=556 >
that's a DHCP packet -- grab it with Ethereal and you can see what type. I'd guess client request. > > Also, I've been getting a lot of bad packets from many IP addresses that > belong to my ISP. The strange thing is that the packets have my address as > the destination address. > Maybe they're scanning for services, or maybe other users on the ISP are scanning or have worms. > This is sure taking up a lot of log space. So don't do it :-) Scale back logging. http://www.monkeynoodle.org/comp/reply-to -- Jack Coates Monkeynoodle: A Scientific Venture...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com