Folks,
Since I posted my earlier message, I have begun to see this kind of
thing repeatedly. For the past 24 hours, my logs contain over 1000
lines of such packets! By that I mean, if I discard all lines that are
identical to one another except for the T= field, my file goes from
1177 denied packets to 47 denied packets. They are NOT all
port 111 packets--some are port 111, some are port 22, port 21,
port 53, and port 0 (PROTO 1). And they seem to have many different
source IP's as well. I have NEVER seen anything like this over the past
year. I changed from ES2B to D-floppy about two weeks ago. I have
rebooted since these started.
Is it possible that I have a bug somewhere and these log entries are all
from the same packet? Is it possible that someone on my cable
subnet is doing something bad to me?
>Folks, I have begun receiving (and denying) long sequences of packets and I
>am wondering what is going on.
>I am running Dachstein 1.0.2 floppy on a 486/33 with 16MB. VERY nice!
>Thanks Charles and so many others. I am on a cable connection with
>Adelphia, from which I generally get good service.
>Starting several days ago I began receiving long sequences of packets. For
>example, I received the following:
>Jan 17 10:27:25 boxer kernel: Packet log: input DENY eth0 PROTO=6
>65.103.98.68:2240 24.51.134.147:111 L=60 S=0x00 I=4296 F=0x4000 T=39 SYN
>(#62)
>This packet is suspicious in itself, but I also received 38 more like it
>with
>the same time stamp (10:27:25), identical in all fields except the T=
>field. That one contained the numbers 1-38 for each of the other
>packets. They appear in order, decreasing from 39 to 1, in
> /var/log/messages.
--
Mike Sussman
[EMAIL PROTECTED]
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
