Hi all,

     From my log files, I got the following messages.  I know the IP
addresses below are coming from the same network as mine, and I have
checked the IP addresses (203.194.161.2 and 203.194.161.3) with my ISP.
They told me that 203.194.161.2 and 203.194.161.3 are routers, and they
have confirmed that they didn't send me such packets.  As a result, they
may be spoofed packets.  So, how can I stop people sending me those
packets, or how can I find out the source (where the packets are coming
from)?  I got tons of this garbage in my log files.  It's filling up my
disk space.


Feb 20 07:26:08 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.2:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:09 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.3:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:10 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.81:137 203.194.161.255:137 L=78 S=0x00 I=2823 F=0x0000 T=128
(#40)
Feb 20 07:26:11 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.81:137 203.194.161.255:137 L=78 S=0x00 I=2830 F=0x0000 T=128
(#40)
Feb 20 07:26:11 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.81:138 203.194.161.255:138 L=257 S=0x00 I=2831 F=0x0000 T=128
(#40)
Feb 20 07:26:11 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.2:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:11 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.3:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:13 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.81:138 203.194.161.255:138 L=229 S=0x00 I=2835 F=0x0000 T=128
(#40)


Thank you so much for your help,

Mark



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
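
Added example (not part of the original post): a small Python triage script that re-joins the mail-wrapped ipchains log entries quoted above and counts denied packets per source, destination type, service, TTL and rule number. The /24 netmask and all function names are assumptions made for illustration; the service names are the IANA registrations for those UDP ports.

```python
import ipaddress
import re
from collections import Counter

# Entries copied from the post, still wrapped the way the mail client wrapped them.
SAMPLE = """\
Feb 20 07:26:08 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.2:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:09 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.3:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#41)
Feb 20 07:26:10 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.81:137 203.194.161.255:137 L=78 S=0x00 I=2823 F=0x0000 T=128
(#40)
Feb 20 07:26:11 dns1 kernel: Packet log: input DENY eth0 PROTO=17
203.194.161.81:137 203.194.161.255:137 L=78 S=0x00 I=2830 F=0x0000 T=128
(#40)
"""
# ipchains layout: chain target iface PROTO=n src:port dst:port L= S= I= F= T=ttl (#rule)
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
# (IP protocol, destination port) -> IANA service name, for the ports seen in the post.
SERVICES = {(17, 137): "netbios-ns", (17, 138): "netbios-dgm", (17, 1985): "hsrp"}

def unwrap(text):
    """Re-join continuation lines: a new entry starts with a syslog timestamp."""
    return re.sub(r"\n(?!\w{3} +\d+ \d\d:\d\d:\d\d )", " ", text)

def dest_kind(dst, net):
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast:
        return "multicast"
    return "subnet-broadcast" if addr == net.broadcast_address else "unicast"

def summarize(text, local_net="203.194.161.0/24"):  # the /24 mask is an assumption
    """Count denied packets per (src, destination kind, service, TTL, rule)."""
    net = ipaddress.ip_network(local_net)
    flows = Counter()
    for m in ENTRY.finditer(unwrap(text)):
        service = SERVICES.get((int(m["proto"]), int(m["dport"])), m["dport"])
        flows[(m["src"], dest_kind(m["dst"], net), service, int(m["ttl"]), int(m["rule"]))] += 1
    return flows

if __name__ == "__main__":
    for flow, count in summarize(SAMPLE).most_common():
        print(count, *flow)
```

Grouping this way shows at a glance which sources account for the log volume and whether the denied traffic was addressed to this host or to a multicast or broadcast address.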
