Scott wrote: > > I've been getting tons of these mysterious packets. Eth0 is my external > interface so it's unusual that these two private IPs are hitting it. I > checked it against that ipchains log decoder (forgot the website) which > mostly brushed it off as non-threatening. However, 216.231.46.238 was the > result of a big nasty DOS attack last weekend so I'm suspicious of > everything. Any insight is most helpfull. > > The offending packets (they are constantly coming in): > > Dec 19 09:30:19 mail kernel: Packet log: input DENY eth0 PROTO=6 > 192.168.27.31:80 216.231.46.238:14641 L=41 S=0x00 I=35612 F=0x4000 T=51 > (#10) > > Dec 19 09:30:26 mail kernel: Packet log: input DENY eth0 PROTO=6 > 172.16.0.110:80 216.231.46.238:32992 L=40 S=0x00 I=34533 F=0x4000 T=238 (#9) > > -Scott
Scott, Is there a chance that your ISP uses those private nrs. on their internal network? My ISP uses 192.168.x.x and 172.17.x.x. That could be a hint to why you're getting packets on your eth0...Do you know if your ISP uses any sort of proxies with http? -- Patrick Benson Stockholm, Sweden _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
