Re: Firewall log 192.168.100.1:65535 224.0.0.1:65535

Sun, 19 Aug 2001 10:42:28 -0700 

It is packet fragmentaion. In this case I suspect it is from within his own 
network. I think he plays with video and is trying to broadcast or accept 
traffic via IGMP, the Internet MultiCast Protocal. When a packet is fragmeted 
the part with the header is readable but the rest is not, thus it needs 
somewhere to go, thus port 65535, which is for fragments. In some cases 
broken packets, specially ones from outside are used to cover up hacking 
activity. Only reason I know is I went through the same thing, different 
protocal. That is what cleared it up.

On Sunday 19 August 2001 10:47, Marianne Taylor wrote:
> I have seen the same problem.  Took care of it by not logging this
> activity. But I would like to know more about what it is, and why it
> happens?  Can you elaborate more Ronnie?
>
> Marianne Taylor
>
> On Saturday 18 August 2001 01:01, you wrote:
> >Enable ip defragmentation, probably in etc/sysconfig/network, use
> >/proc/sys/net/ipv4/ip_always_defrag.
> >I think snort suck them up also.
> >
> >On Friday 17 August 2001 15:23, Joel Hammer wrote:
> >> PROTO=2 192.168.100.1:65535 224.0.0.1:65535
> >> Does anyone know what this activity on my external NIC means?
> >> My machine is neither of these two ip's.
> >> This occurs all day, about 5000 hits in the last 5 days.
> >> Been going on for months.
> >> My /etc/protocol gives the following info:
> >> igmp    2       IGMP    # internet group multicast protocol
> >>
> >> nslookup 224.0.0.1 :
> >> ALL-SYSTEMS.MCAST.NET
> >> Address:  224.0.0.1
> >>
> >> 192.168.100.1 can't be found with nslookup.
> >>
> >> Joel
> >>
> >> _______________________________________________
> >> http://linux.nf -- [EMAIL PROTECTED]
> >> Archives, Subscribe, Unsubscribe, Digest, Etc
> >> ->http://linux.nf/mailman/listinfo/linux-users
>
> _______________________________________________
> http://linux.nf -- [EMAIL PROTECTED]
> Archives, Subscribe, Unsubscribe, Digest, Etc
> ->http://linux.nf/mailman/listinfo/linux-users

-- 
Ronnie
==================
Life can be a dream; or it can be a nightmare
it's all in your mind
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc 
->http://linux.nf/mailman/listinfo/linux-users

Reply via email to