cc:
Sent by:Subject: Re: Firewall log
192.168.100.1:65535 224.0.0.1:65535
linux-users-admi
My suspicion is that we on the @HOME network are in reality on a private
network where those 192 ip's can be used. I think that would be possible but
I am just guessing.
Joel
___
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe,
www.lynchdigital.com
-Original Message-
From: Joel Hammer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 21, 2001 10:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Firewall log 192.168.100.1:65535 224.0.0.1:65535
My suspicion is that we on the @HOME network are in reality
Quoting Joel Hammer [EMAIL PROTECTED]:
My suspicion is that we on the @HOME network are in reality on a
private
network where those 192 ip's can be used. I think that would be possible
but
I am just guessing.
Joel
Good guess then. You are correct (unless they have changed things). I
First off, the 192.168.x.x is a reserve address space, which you should NOT
be seeing, unless you don't have any registered ip addresses and your
border router is a 192.168.x.x address as well.
Secondly, this is multicast traffic, which is pretty selectively allowed.
Route discovery protocols
On Mon, Aug 20, 2001 at 07:11:49PM -0400, [EMAIL PROTECTED] wrote:
First off, the 192.168.x.x is a reserve address space, which you should NOT
be seeing, unless you don't have any registered ip addresses and your
border router is a 192.168.x.x address as well.
Secondly, this is multicast
I have seen the same problem. Took care of it by not logging this activity.
But I would like to know more about what it is, and why it happens? Can you
elaborate more Ronnie?
Marianne Taylor
On Saturday 18 August 2001 01:01, you wrote:
Enable ip defragmentation, probably in
Joel Hammer wrote:
PROTO=2 192.168.100.1:65535 224.0.0.1:65535
Does anyone know what this activity on my external NIC means?
My machine is neither of these two ip's.
This occurs all day, about 5000 hits in the last 5 days.
Been going on for months.
My /etc/protocol gives the following
It is packet fragmentaion. In this case I suspect it is from within his own
network. I think he plays with video and is trying to broadcast or accept
traffic via IGMP, the Internet MultiCast Protocal. When a packet is fragmeted
the part with the header is readable but the rest is not, thus it
Enable ip defragmentation, probably in etc/sysconfig/network, use
/proc/sys/net/ipv4/ip_always_defrag.
I think snort suck them up also.
On Friday 17 August 2001 15:23, Joel Hammer wrote:
PROTO=2 192.168.100.1:65535 224.0.0.1:65535
Does anyone know what this activity on my external NIC means?
10 matches
Mail list logo
