I've recently crawled my way out to the world of GNU-Linux and I'm glad. My mission is to help others do the same. My little Dachstein router works well on my cable modem here in Oregon. I was able to figure out pretty easily how to configure the simple network from the instructions that were provided! THANKS! Question is what do the following messages actually mean? What exactly is happening here? I discovered by using samspade.org that the IP addresses in these messages appear to be owned by, like IANA, the Internet Assigned Numbers Authority, and I think sometimes others. I can send more log entries, if anyone's interested. I'm pretty sure that the firewall is merely doing its job and I've got nothing to worry about, but just how to interpret the log messages here. Heh. What's the best way for me to learn this stuff?
I've never found any free resource even close to as good as the O'Reilly book Internet Core Protocols, which is what I refer to whenever I can't figure out one of these things from memory. As to yours ...
Thanks again!
Nov 16 06:42:04 firewall syslogd 1.3-3#31.slink1: restart.
Nov 16 06:43:35 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=333 S=0x00 I=25419 F=0x0000 T=255 (#8)
Nov 16 06:43:35 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=343 S=0x00 I=25421 F=0x0000 T=255 (#8)
Nov 16 06:45:56 firewall kernel: Packet log: input DENY eth0 PROTO=17 172.29.78.1:67 255.255.255.255:68 L=363 S=0x00 I=25537 F=0x0000 T=255 (#9)
Nov 16 06:45:56 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=363 S=0x00 I=25539 F=0x0000 T=255 (#8)
Nov 16 06:46:43 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.207.5.1:67 255.255.255.255:68 L=363 S=0x00 I=25571 F=0x0000 T=255 (#8)
10.b.c.d/8 and 172.16.c.d/12 (I think /12 ... second number can be 16 to 31) are two of the "private" IP address ranges intended for use behind NAT'ing routers and in other settings where the hosts getting the addresses do not have *direct* access to the Internet. The third, probably more familiar to you, is 192.168.c.d/16.
This sort of packet can be an attack, but often it is just a leaky router at some other site on the same ISP network you are on. Or it could be use of these private addresses by your ISP itself, particularly plausible here since the ports involved indicate that the traffic is coming from DHCP (bootp) servers ... servers that ISPs often put on private addresses ... and going to DHCP clients.
leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
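An added example, not part of the original thread: a small Python parser for the kernel "Packet log:" lines quoted above that flags private (RFC 1918) source addresses and the DHCP server-to-client broadcast pattern the reply describes. The function names, the regular expression and the field comments are assumptions of this example; the sample lines are copied from the log in the post.

```python
import ipaddress
import re

# Sample input: three of the log lines quoted in the post above.
SAMPLE = """\
Nov 16 06:43:35 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.215.128.1:67 255.255.255.255:68 L=333 S=0x00 I=25419 F=0x0000 T=255 (#8)
Nov 16 06:45:56 firewall kernel: Packet log: input DENY eth0 PROTO=17 172.29.78.1:67 255.255.255.255:68 L=363 S=0x00 I=25537 F=0x0000 T=255 (#9)
Nov 16 06:46:43 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.207.5.1:67 255.255.255.255:68 L=363 S=0x00 I=25571 F=0x0000 T=255 (#8)
"""
# chain, target, interface, IP protocol, src:port, dst:port, L=length,
# S=TOS, I=IP id, F=fragment field, T=TTL, (#n)=number of the matching rule.
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=\d+ F=\S+ T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse(line):
    """Return a dict for one packet-log line, or None if it is another kind of line."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("proto", "sport", "dport", "length", "ttl", "rule"):
        rec[k] = int(rec[k])
    src = ipaddress.ip_address(rec["src"])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["private_block"] = next((str(n) for n in RFC1918 if src in n), None)
    # UDP from port 67 (bootp/DHCP server) to broadcast port 68 (client).
    rec["dhcp_server_broadcast"] = (
        rec["proto"] == 17 and rec["sport"] == 67 and rec["dport"] == 68
        and rec["dst"] == "255.255.255.255"
    )
    return rec

def summarize(text):
    """Count DHCP server broadcasts per (source, private block, rule number)."""
    out = {}
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["dhcp_server_broadcast"]:
            key = (rec["src"], rec["private_block"], rec["rule"])
            out[key] = out.get(key, 0) + 1
    return out

if __name__ == "__main__":
    for (src, block, rule), n in summarize(SAMPLE).items():
        print(f"{src} ({block or 'public'}) rule #{rule}: {n} DHCP server broadcast(s)")
```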
