On Wednesday 29 January 2003 09:51 am, Joey Officer wrote:
> Is
> there a way to trace what appear to be spoofed IP addresses.
They're not spoofed addresses.... just trash from your ISP or a misconfigured
router/firewall, M$ boxes spew traffic broadcasts out all interfaces.
> Jan 29 11:23:47 firewall kernel: Packet log: input DENY eth0 PROTO=17
> 10.51.192.1:67 255.255.255.255:68 L=350 S=0x00 I=25217 F=0x0000 T=255 (#8)
>
> I know the 10.x.x.x is for private use, so its obviously not a real IP.
> But is there a way to 'answer' the request in order to get more information
> from the offending computer to advise the admins and see if they can do
> something about it?
>
> Or is the only answer just to use the silent deny option?
Not the only one, you can edit /etc/ipfilter.conf and remove the -l option
(for logging) for the desired address blocks in the martian {}. This will be
an option in any future updates to Dachstein in /etc/network.conf.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
