The following log is from fwlogwatch that made the log from an iptables ruleset, does anyone know what to make of it.
This smells like a traceroute, but I'm not sure since I thought traceroute used icmp code type 30. So I would like some other input. # start end interval chain int proto bytes source port destination port ---------------------------------------------------------------------------- -------------------------------- 8 Dec 04 02:57:18 Dec 04 03:03:55 00:00:06:37 Dropped: eth1 icmp 448 64.152.69.30 11 - 65.101.207.209 0 8 Dec 04 02:57:18 Dec 04 03:03:55 00:00:06:37 Dropped: eth1 icmp 448 64.159.2.105 11 - 65.101.207.209 0 9 Dec 04 02:57:18 Dec 04 03:03:55 00:00:06:37 Dropped: eth1 icmp 504 64.159.0.218 11 - 65.101.207.209 0 9 Dec 04 02:57:18 Dec 04 03:03:55 00:00:06:37 Dropped: eth1 icmp 504 209.247.10.233 11 - 65.101.207.209 0 9 Dec 04 02:57:18 Dec 04 03:03:55 00:00:06:37 Dropped: eth1 icmp 504 208.172.147.202 11 - 65.101.207.209 0 9 Dec 04 02:57:18 Dec 04 03:03:55 00:00:06:37 Dropped: eth1 icmp 504 208.172.146.61 11 - 65.101.207.209 0 9 Dec 04 02:57:18 Dec 04 03:03:55 00:00:06:37 Dropped: eth1 icmp 504 208.172.146.103 11 - 65.101.207.209 0 9 Dec 04 02:57:17 Dec 04 03:03:55 00:00:06:38 Dropped: eth1 icmp 504 208.172.162.61 11 - 65.101.207.209 0 9 Dec 04 02:57:17 Dec 04 03:03:55 00:00:06:38 Dropped: eth1 icmp 504 208.172.166.105 11 - 65.101.207.209 0 6 Dec 04 02:57:17 Dec 04 03:03:54 00:00:06:37 Dropped: eth1 icmp 336 216.52.40.3 11 - 65.101.207.209 0 9 Dec 04 02:57:17 Dec 04 03:03:54 00:00:06:37 Dropped: eth1 icmp 504 63.251.181.117 11 - 65.101.207.209 0 3 Dec 04 02:57:17 Dec 04 03:03:54 00:00:06:37 Dropped: eth1 icmp 168 65.101.207.1 11 - 65.101.207.209 0 Any input would be appreciated, thanks in advance! Dan Ferris - CCNA Engineering Technician/System Administrator ------------- Percept Technology Labs, inc. - Product Test and Compliance Experts 4735 Walnut #E Boulder, CO 80301 303.444.7480 Ext 106 303.444.1565 Fax http://www.percept.com
