[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
strange masq packets
- To: linux-il(at-nospam)linux.org.il
- Subject: strange masq packets
- From: Cedar Cox <cedarc(at-nospam)visionforisrael.com>
- Date: Sun, 18 Nov 2001 11:05:51 +0200 (IST)
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Well, I guess they're probably not that "strange".
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Nov 17 22:36:53 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61707 172.26.140.6:9044 L=40 S=0x00 I=3796 F=0x0000 T=255 (#2)
Nov 17 22:36:58 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61707 172.26.140.6:9044 L=40 S=0x00 I=3844 F=0x0000 T=255 (#2)
Nov 17 22:37:10 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61707 172.26.140.6:9044 L=40 S=0x00 I=3983 F=0x0000 T=255 (#2)
Nov 17 22:37:32 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61707 172.26.140.6:9044 L=40 S=0x00 I=4063 F=0x0000 T=255 (#2)
Nov 17 22:38:18 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61707 172.26.140.6:9044 L=40 S=0x00 I=4071 F=0x0000 T=255 (#2)
Nov 17 22:40:38 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61733 172.26.140.7:9044 L=40 S=0x00 I=4317 F=0x0000 T=255 (#2)
Nov 17 22:40:49 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61733 172.26.140.7:9044 L=40 S=0x00 I=4449 F=0x0000 T=255 (#2)
Nov 17 22:41:12 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61733 172.26.140.7:9044 L=40 S=0x00 I=4477 F=0x0000 T=255 (#2)
Nov 17 22:41:58 bibi kernel: Packet log: output DENY ppp0 PROTO=6 192.117.108.105:61733 172.26.140.7:9044 L=40 S=0x00 I=4495 F=0x0000 T=255 (#2)
Correct me if I'm wrong but it just looks like a internal (masq'ed) host
tried to contact the 172.26 network. We do not use this network so it was
sent to the default route but blocked on the way out (..just a safety so
no private traffic gets sent out the ppp0 interface).
Anyway, my question is how do I log which internal machine sent these
packets (2.2 kernel)? I have a machine that's under "quarantine" but
still on the network. I'd just like to know if it's that one doing
"suspicious things"...
Thanks,
-Cedar
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il