Ed:
Heya. The "3D"'s in what you wrote threw me. Ah, the
horror of HTML email. :)
Try this: head to "www.echogent.com/cgi-bin/fwlog.pl"
and plug in the packet you're seeing:
Jan 14 01:00:32 firewall kernel: Packet log: input DENY eth0 PROTO=1
192.168.101.1:0 24.138.23.131:0 L=84 S=0x00 I=5454 F=0x0000 T=251 (#11)
You'll see from there that the "0" isn't a port number
at all: it's the type/code from this ICMP packet. Yes, it's a
reply from a "ping". I believe it got logged because the source
IP was a 192.168.x.y address, which most firewall packages on
LEAF deny and log by default.
Hope this helps!
-Scott
> Hi all,
>
> I just went through last night's logs (it is so nice having them mailed =
> to you) and I had this deny. I thought it was odd since the source and =
> dest ports are both 0, also both the source addresses are 192.168 =
> addresses, and in a short time frame. Not sure what that was from yet, =
> any suggestions?
>
> Jan 14 01:00:32 firewall kernel: Packet log: input DENY eth0 PROTO=3D1 =
> 192.168.101.1:0 24.138.23.131:0 L=3D84 S=3D0x00 I=3D5454 F=3D0x0000 =
> T=3D251 (#11)
> Jan 14 01:01:05 firewall kernel: Packet log: input DENY eth0 PROTO=3D1 =
> 192.168.204.1:0 24.138.23.131:0 L=3D84 S=3D0x00 I=3D5507 F=3D0x0000 =
> T=3D252 (#11)
>
> Cheers
> edt
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
