"Sean E. Covel" wrote:
> 
> Is this what they call FireWalking?  This is my welcome to the new ATTBI
> network.  Got more of these than Nimda or Code Red hits.  Goes on for
> pages.  1888 today.  Any thoughts?

It looks annoying at first glance.  Are you using DHCP?  Just wondering.
If so, did you have to enter c1240165-a as your hostname into /etc/hosts
or /etc/hostname or your /etc/rc.config.d/dhcp conf file?
 
All these are blocked by rule #42.  What is that rule?
These log messages are from strange hosts.  80% of them don't
resolve to a real hostname.  All the packets you listed are
TCP packets with no SYN flag, meaning they are theoretically
responses to some TCP DNS request your machine made.  Because
they are all response packets, I'm not sure what's going on.
I don't know why you're getting responses from so many odd
computers.  The other strange thing is that I would expect
your firewall rules to allow responses to outgoing TCP DNS requests.
That's why I want to see rule 42.

   ipchains -L > /tmp/myrules
   vi /tmp/myrules, find line 42, and post it.

Your custom CD-boot-only setup sounds nifty.
Post a mini-HOWTO when you get it done.
Matthew


> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 194.205.125.26:32881 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242
> (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 216.220.39.42:59118 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=236
> (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 64.56.174.186:30087 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=238
> (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 202.139.133.129:53767 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=235
> (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 203.194.166.182:51122 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=231
> (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 62.26.119.34:58275 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242
> (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 194.213.64.150:21170 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=237
> (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6
> 203.208.128.70:12351 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242
> (#42)
> 
> BTW, I just switched from ESB2 to Dachstein CD.  Went SOOOOOOOO smooth!
> Nice to have MAJOR storage, and FAST boots.  Charles, you are a GOD.
> The partial backup scheme was not too confusing.  Only took 3 tries to
> get the partial and destination settings correct.  I added PortSentry
> (on my floppy backup).  I think once I'm happy with the setup, I'm going
> to do a full backup of everything onto diskette, then dump the CD to a
> hard drive.  Overlay the HD with the diskette backups, and burn a new
> CD.  The point is a completely custom setup that boots CD only!  Nice
> job!

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
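
The log triage discussed in this thread, as an added example that is not part of the original e-mails: a parser for ipchains packet log records that counts hits per chain and rule, distinct sources, destination ports, and TCP packets with and without the SYN marker. It assumes the kernel 2.2 ipchains format in which ` SYN` appears just before the rule number on SYN-only TCP packets; the function names and the last sample record are constructed for illustration.

```python
import re
from collections import Counter

# One kernel 2.2 ipchains log record per string (mail line-wrapping rejoined).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ "
    r"T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

# First three records are from the thread; the last is constructed to show a SYN.
SAMPLE = [
    "Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 194.205.125.26:32881 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)",
    "Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 216.220.39.42:59118 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#42)",
    "Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 64.56.174.186:30087 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=238 (#42)",
    "Dec 8 20:50:13 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40000 12.243.228.133:53 L=60 S=0x00 I=4321 F=0x4000 T=52 SYN (#42)",
]

def parse(line):
    """Return the record's fields as a dict, or None if it is not a packet log line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["syn"] = rec["syn"] is not None  # True only when the SYN marker was logged
    return rec

def summarize(lines):
    """Aggregate parsed records; unparseable lines are skipped."""
    recs = [r for r in map(parse, lines) if r is not None]
    tcp = [r for r in recs if r["proto"] == 6]
    return {
        "total": len(recs),
        "by_rule": Counter((r["chain"], r["rule"]) for r in recs),
        "distinct_sources": len({r["src"] for r in recs}),
        "by_dport": Counter(r["dport"] for r in recs),
        "tcp_syn": sum(r["syn"] for r in tcp),
        "tcp_non_syn": sum(not r["syn"] for r in tcp),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
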
