Re: [TCLUG:16126] Packet Log to Console?

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:16126] Packet Log to Console?
From: Mike Hicks <hick0088@tc.umn.edu>
Date: Thu, 13 Apr 2000 10:04:12 -0500
References: <Pine.LNX.3.95.1000413071909.27081B-100000@sabis.org>
Sender: mike@3po.dhs.org

Jonathan Kline wrote:
> 
> Anyone have Any idea whaty this means?
> 
> Both syslog and Klog are running........  I came in this morning and had
> 50 or 60 accross the console....
> 
> Pakcet log: input DENY eth0 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328
> S=0x00 I=16131 F=0x0000 T=128

This appears to be bootp traffic.  However, the kernel must have seen
something weird about the packets to decide to deny the traffic..  I
know the kernel is usually set up to deny completely bogus packets

Something I notice is that the protocol number is 17.  I don't remember
what 17 is..  TCP is 6, ICMP is 1.  

> Please help... IS this just some funky IPChains rules?

I don't know..  It could be -- run `/sbin/ipchains -L' and find out.  If
you don't have any rules regarding bootpc/bootps, then I'd talk to some
networking people wherever you are, as there's probably a system
somewhere sending out garbage..  If there _is_ something there, it's
probably best that you remove it, or at least remove the flag that tells
the kernel to log those packets (they will still be denied).

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   The secret of the 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   universe is#$@P@D>P#@#&  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  NO CARRIER 
 [ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@umn.edu ]

References:
- Packet Log to Console?
  - From: Jonathan Kline <jonathankl@sabis.org>

Prev by Date: Re: [TCLUG:16105] SGI Indy is here....
Next by Date: Re: [TCLUG:16146] Fsck Stuff
Prev by thread: Packet Log to Console?
Next by thread: Re: [TCLUG:16126] Packet Log to Console?
Index(es):
- Date
- Thread