strange iptables log entry
M.W. Chang
mwchang
Mon May 17 12:00:46 PDT 2004
The actual log entry:
Mar 19 00:21:12 server kernel: [IPTABLES DROP] : IN=eth1 OUT=
MAC=00:a0:c9:57:29:41:00:00:77:95:dc:b8:08:00 SRC=192.168.128.6
DST=61.10.50.59 LEN=352 TOS=0x00 PREC=0x00 TTL=251 ID=19653 DF PROTO=UDP
SPT=67 DPT=68 LEN=332
root at server: old> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
61.10.50.0 0.0.0.0 255.255.254.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 61.10.50.1 0.0.0.0 UG 0 0 0 eth1
It should be coming from outside rather from within my own LAN. Anyway,
it's blocked and that should be ok.
> This could have been someone who had recently been on another network
> with different IP ranges. Since 67 and 68 are used for DHCP/BOOTP, this
> might have been a windows machine requesting it's last known IP address
> from a DHCP server address which took the packets through your
> firewall. Without more knowledge of the firewall, your routing, and the
> actual firewall logs I'm afraid I can't be much more specific.
--
.~. http://toylet.homeip.net
/ v \ Linux 2.4.22-xfs
/( _ )\ 10:54am up 2 days 14:33
^ ^ load average: 1.00 1.00 0.93
More information about the Linux-users
mailing list