/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Hello all
Can any one tell me what is going on and why Im getting this in my log
files. See log out put below. This goes on all day. IT started just a few
day's agao. My Internet interface is eth1. I have the following rule in my
firewall scripts.
INET="-V xxx.xxx.xxx.xxx" #where xxx.xxx.xxx.xxx is my static Iternet
IP address.
/sbin/ipfwadm -I -a deny -o $INET -S 10.0.0.0/8
/sbin/ipfwadm -I -a deny -o $INET -D 10.0.0.0/8
I know I can remove the -o from the rule but I want to know when someone is
trying to spoof my interface. Any help would be great. Below is a clip from
my log file.
Sep 10 01:05:07 wormhole kernel: IP fw-in deny eth1 UDP 10.0.0.1:1999
255.255.255.255:1999 L=188 S=0x00 I=64272 F=0x0040 T=1
Sep 10 01:05:12 wormhole kernel: IP fw-in deny eth1 UDP 10.0.0.1:1999
255.255.255.255:1999 L=188 S=0x00 I=64273 F=0x0040 T=1
Sep 10 01:05:16 wormhole kernel: IP fw-in deny eth1 UDP 10.0.0.1:1999
255.255.255.255:1999 L=188 S=0x00 I=64274 F=0x0040 T=1
Sep 10 01:05:20 wormhole kernel: IP fw-in deny eth1 UDP 10.0.0.1:1999
255.255.255.255:1999 L=188 S=0x00 I=64275 F=0x0040 T=1
Sep 10 01:05:24 wormhole kernel: IP fw-in deny eth1 UDP 10.0.0.1:1999
255.255.255.255:1999 L=188 S=0x00 I=64276 F=0x0040 T=1
Sep 10 01:05:28 wormhole kernel: IP fw-in deny eth1 UDP 10.0.0.1:1999
255.255.255.255:1999 L=188 S=0x00 I=64277 F=0x0040 T=1
Sep 10 01:05:33 wormhole kernel: IP fw-in deny eth1 UDP 10.0.0.1:1999
255.255.255.255:1999 L=188 S=0x00 I=64278 F=0x0040 T=1
Thanks again.
Bert Beaudin
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
