firewallspotting
daniel
danstemporaryaccount-FFYn/CNdgSA at public.gmane.org
Wed Dec 29 20:59:28 UTC 2004
i saw a strange thing in /var/log/messages the other day:
<date> <host> kernel: IN= OUT=eth0 SRC=<myIP> DST=<otherIP> LEN=68 TOS=0x00
PREC=0xC0 TTL=64 ID=52006 PROTO=ICMP TYPE=3 CODE=1 [SRC=<otherIP>
DST=<internalIP> LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=0 DF PROTO=TCP
SPT=33698 DPT=6881 WINDOW=0 RES=0x00 RST URGP=0 ]
myIP is my router's external ip
otherIP is some ip from singapore
internalIP is a mac osX box on my lan that at the moment is off
my firewall blocks all outgoing packets by default.
so i have a few questions:
1. why does it look like my router is blocking an icmp type 3 packet going
OUT?
2. how do i generate an icmp type 3 request to test this sort of thing?
3. what does this mean?
i've since blocked the ip completely, adding it to a drop list, but i'd still
like to know what's going on. thanks for the insight.
--
commander, please. on the issue of galactic peace, i am long past innocence
and fast approaching apathy. it's all a game -- a paper fantasy of names and
borders. only one thing matters, commander. blood calls out for blood.
- londo molari, babylon 5 season 1 "midnight on the firing line"
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list