At 10:20 14-07-2001 -0700, you wrote:
>On Sat, 14 Jul 2001, A.J. Werkman wrote:
>
>- At 03:52 14-07-2001 -0400, you wrote:
>- >On Fri, 13 Jul 2001, A.J. Werkman wrote:
>- >
>- > >Date: Fri, 13 Jul 2001 20:18:15 +0200
>- > >From: A.J. Werkman <[EMAIL PROTECTED]>
>- > >To: [EMAIL PROTECTED]
>- > >Reply-To: [EMAIL PROTECTED]
>- > >Content-Type: text/plain; charset="us-ascii"; format=flowed
>- > >Subject: Strange IP traffic
>- > >
>- > >I have a dual NIC RH7.1 box, with one NIC almost completely blocked by
>- > >firewall rules.
>- > >
>- > >In my logfiles I find entries I can not point to any of the
>- > >applications I use:
>- > >
>- > >eth0 PROTO=2 <host-address>:65535 244.0.1.1:65535
>- > >
>- > >Can anyone point me to the application that is making this traffic???
>- >
>- >Cablemodem connection? Likely your ISP's router. That is IGMP
>- >messages.
>- >
>- >Just ignore it, it is harmless.
>-
>- What is bothering me, is that this one is not connected to a cable modem,
>- not even directly connected to my ISP (only through another linux box on my
>- LAN).
>-
>- Furthermore it is not receiving these packets, but is sending them. I know
>- nothing about an application I have installed that would send these packets.
>
>These are routing control messages and you have not posted enough
>information to answer your question. Try posting a _complete_ log
>entry and a description of the IP addresses and architecture of your
>LAN. Be sure to identify which machine is receiving the messages.
>Is there a router, switch, or manageable hub anywhere?
>
>--
>--Stephen Carville

Jul 16 14:49:35 wgw kernel: Packet log: output DENY eth0 PROTO=2
xxx.xxx.xxx.xxx:65535 224.0.1.1:65535 L=32 S=0x00 I=0 F=0x4000 T=1
O=0x00000494 (#1)
Jul 16 14:49:48 wgw last message repeated 5 times
Jul 16 14:49:52 wgw kernel: Packet log: output DENY eth0 PROTO=2
xxx.xxx.xxx.xxx:65535 224.0.1.1:65535 L=32 S=0x00 I=0 F=0x4000 T=1
O=0x00000494 (#1)
Jul 16 14:50:23 wgw last message repeated 12 times
Jul 16 14:51:24 wgw last message repeated 22 times
Jul 16 14:52:25 wgw last message repeated 36 times
Jul 16 14:53:32 wgw last message repeated 24 times
Jul 16 14:54:38 wgw last message repeated 28 times
Jul 16 14:55:40 wgw last message repeated 24 times
Jul 16 14:56:48 wgw last message repeated 30 times
Jul 16 14:57:53 wgw last message repeated 24 times
Jul 16 14:58:54 wgw last message repeated 18 times
Jul 16 14:59:59 wgw last message repeated 22 times
Jul 16 15:01:03 wgw last message repeated 20 times
Jul 16 15:02:07 wgw last message repeated 26 times
Jul 16 15:03:09 wgw last message repeated 30 times
Jul 16 15:04:13 wgw last message repeated 26 times
Jul 16 15:05:17 wgw last message repeated 26 times
Jul 16 15:06:02 wgw last message repeated 17 times
Jul 16 15:06:04 wgw kernel: Packet log: output DENY eth0 PROTO=2
xxx.xxx.xxx.xxx:65535 224.0.1.1:65535 L=32 S=0x00 I=0 F=0x4000 T=1
O=0x00000494 (#1)
Jul 16 15:06:35 wgw last message repeated 8 times
Jul 16 15:07:38 wgw last message repeated 18 times

I see this ipchains message on the machine that is sending the packets
itself. <xxx.xxx.xxx.xxx> is the exterior NIC IP address of this machine. I
have ipchains blocking most of the traffic on this machine to the outside
LAN. This box itself is the router between the interior and exterior LAN.
It logs this message about every minute, together with "last message
repeated x times" where x varies between 10 and 40. The log doesn't say
which message it has repeated.

But on that machine I do not have, to the best of my knowledge, an
application that uses a routing protocol, nor is there a router, switch, hub
or anything else on the LAN that could generate this traffic. All that is on
this LAN are RedHat boxes and Windows workstations.

Does the kernel send this kind of traffic itself??

Koos.
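
Added example, not part of the original message: a small Python parser for ipchains "Packet log" lines like the ones above that credits each syslog "last message repeated N times" line to the entry logged just before it, giving a packet count per flow. The sample lines are constructed, 192.0.2.10 is a placeholder for the masked source address, and it assumes each entry is on one line as syslog writes it.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the excerpt above. 192.0.2.10 is a
# placeholder for the masked source address; one entry per line is assumed.
ENTRY = ("wgw kernel: Packet log: output DENY eth0 PROTO=2 192.0.2.10:65535 "
         "224.0.1.1:65535 L=32 S=0x00 I=0 F=0x4000 T=1 O=0x00000494 (#1)")
SAMPLE = "\n".join([
    "Jul 16 14:49:35 " + ENTRY,
    "Jul 16 14:49:48 wgw last message repeated 5 times",
    "Jul 16 14:49:52 " + ENTRY,
    "Jul 16 14:50:23 wgw last message repeated 12 times",
    "Jul 16 14:51:24 wgw last message repeated 22 times",
])

# Fields: chain, target, interface, IP protocol number, src:port, dst:port,
# length, TTL and the number of the rule that matched.
PACKET = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) .*?T=(?P<ttl>\d+) "
    r".*\(#(?P<rule>\d+)\)")
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times")
IP_PROTO = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


def summarize(text):
    """Count packets per flow, crediting repeat lines to the entry before them."""
    counts, last = Counter(), None
    for line in text.splitlines():
        m, r = PACKET.search(line), REPEAT.search(line)
        if m:
            proto = IP_PROTO.get(int(m["proto"]), m["proto"])
            multicast = ipaddress.ip_address(m["dst"]).is_multicast
            last = (m["chain"], m["target"], m["iface"], proto,
                    m["src"], m["dst"], int(m["ttl"]), multicast)
            counts[last] += 1
        elif r and last is not None:
            counts[last] += int(r["n"])  # syslog collapsed identical lines
        elif line.strip():
            last = None  # an unrelated message intervened
    return counts


if __name__ == "__main__":
    for flow, n in summarize(SAMPLE).items():
        print(n, flow)
```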