firewallspotting

Ilya Palagin tux-4CS0UopE6WdBDgjK7y7TUQ at public.gmane.org
Wed Dec 29 23:41:18 UTC 2004


daniel wrote:
> i saw a strange thing in /var/log/messages the other day:
> 
> <date> <host> kernel: IN= OUT=eth0 SRC=<myIP> DST=<otherIP> LEN=68 TOS=0x00 
> PREC=0xC0 TTL=64 ID=52006 PROTO=ICMP TYPE=3 CODE=1 [SRC=<otherIP> 
> DST=<internalIP> LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=0 DF PROTO=TCP 
> SPT=33698 DPT=6881 WINDOW=0 RES=0x00 RST URGP=0 ]
> 
>   myIP is my router's external ip
>   otherIP is some ip from singapore
>   internalIP is a mac osX box on my lan that at the moment is off
>   my firewall blocks all outgoing packets by default.
> 
> so i have a few questions:
> 
>   1. why does it look like my router is blocking an icmp type 3 packet going
>      OUT?
> 
>   2. how do i generate an icmp type 3 request to test this sort of thing?
> 
>   3. what does this mean?

Something is trying to connect to port 6881 on your server.  The server
is replying with ICMP Type 3, which stands for a "Destination unreachable"
message.  Your iptables stack doesn't have a rule which allows that kind
of packet to go out.

To simulate this situation, just try to connect to the same port from an
outside IP address like this:
telnet <your IP> 6881

or with a more advanced tool like NetCat.

> 
> i've since blocked the ip completely, adding it to a drop list, but i'd still 
> like to know what's going on.  thanks for the insight.
> 
> 


--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
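
Added example (not part of the original post): a short Python parser that splits a netfilter LOG line like the one quoted above into the outer ICMP header and the bracketed header of the packet that triggered it. The sample line is constructed, with documentation addresses standing in for <myIP>, <otherIP> and <internalIP>; the function names are this example's own, and the "locally generated" check assumes the LOG rule sits in the filter table.

```python
import re

# ICMP type 3 (Destination Unreachable) codes, from RFC 792 and RFC 1812.
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed", 13: "administratively prohibited"}
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_fields(text):
    """Turn 'KEY=value FLAG KEY=value' tokens into (dict, set of bare flags)."""
    fields, flags = {}, set()
    for tok in text.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val
        else:
            flags.add(tok)
    return fields, flags

def parse_log_line(line):
    """Split a netfilter LOG line into the outer packet and, for ICMP errors,
    the bracketed header of the packet that caused the error."""
    body = line[max(line.find("IN="), 0):]   # drop the syslog prefix
    m = re.search(r"\[(.*)\]", body)         # embedded original header, if any
    outer, _ = parse_fields(body[:m.start()] if m else body)
    inner, inner_flags = parse_fields(m.group(1) if m else "")
    result = {"outer": outer, "inner": inner or None,
              "inner_tcp_flags": sorted(inner_flags & TCP_FLAGS)}
    # Assumption: rule is in the filter table, where an empty IN= with OUT=
    # set is the OUTPUT chain, i.e. a packet this host generated itself.
    result["locally_generated"] = (outer.get("IN") == ""
                                   and outer.get("OUT", "") != "")
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3":
        result["icmp_meaning"] = UNREACH_CODES.get(int(outer["CODE"]), "other")
    return result

# Constructed sample: same shape as the quoted line, documentation addresses.
SAMPLE = ("Dec 27 10:00:00 gw kernel: IN= OUT=eth0 SRC=203.0.113.5 "
          "DST=198.51.100.7 LEN=68 TOS=0x00 PREC=0xC0 TTL=64 ID=52006 "
          "PROTO=ICMP TYPE=3 CODE=1 [SRC=198.51.100.7 DST=192.168.1.20 "
          "LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=0 DF PROTO=TCP SPT=33698 "
          "DPT=6881 WINDOW=0 RES=0x00 RST URGP=0 ]")

if __name__ == "__main__":
    for key, val in parse_log_line(SAMPLE).items():
        print(key, "=", val)
```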




