Web Hosting Talk







odd log entries..


skylab
04-30-2002, 10:28 AM
hi all.

recently, i have upgraded my ipchains rules and ever since, have been getting hundreds upon hundreds of entries that look like this:

Apr 29 18:11:29 ns1 kernel: Packet log: input DENY eth0 PROTO=1 ran.dom.ip.address:8 one.of.my.ips:0 L=1500 S=0x00 I=3013 F=0x4000 T=242 (#43)
Apr 29 18:12:32 ns1 kernel: Packet log: input DENY eth0 PROTO=1 ran.dom.ip.address:8 one.of.my.ips:0 L=62 S=0x00 I=47866 F=0x0000 T=37 (#43)
Apr 29 18:12:33 ns1 kernel: Packet log: input DENY eth0 PROTO=17 ran.dom.ip.address:8 one.of.my.ips:0 L=78 S=0x00 I=39421 F=0x0000 T=110 (#57)
Apr 29 18:12:34 ns1 kernel: Packet log: input DENY eth0 PROTO=17 ran.dom.ip.address:8 one.of.my.ips:0 L=78 S=0x00 I=39510 F=0x0000 T=110 (#57)
Apr 29 18:12:36 ns1 kernel: Packet log: input DENY eth0 PROTO=17 ran.dom.ip.address:8 one.of.my.ips:0 L=78 S=0x00 I=39571 F=0x0000 T=110 (#57)

all/most are from totally random IP addresses. my logs every morning have jumped to over 500K per email because of it.

port 8 and port 0?


anyone know, because i sure as heck don't.


thanks.

elsmore1
05-01-2002, 12:27 AM
Those are ping (echo) requests. You can disable the logging of those requests by removing the -l parameter from the rule denying the packets. (or by allowing pings)




skylab
05-01-2002, 02:56 AM
ah geez. i just noticed that!


thanks for your help!
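
How the reply's reading of these lines follows from the ipchains log format, as an added example that is not part of the original thread: for PROTO=1 (ICMP) the two "port" fields hold the ICMP type and code, so :8 and :0 decode to an echo request, and the trailing (#n) is the number of the rule that logged the packet. The sample lines and addresses below are constructed.

```python
import re
from collections import Counter

# Layout of an ipchains "-l" kernel log entry:
# Packet log: CHAIN TARGET IFACE PROTO=n SRC:sp DST:dp L=.. S=.. I=.. F=.. T=.. (#rule)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sp>\d+) (?P<dst>\S+):(?P<dp>\d+) "
    r"L=(?P<length>\d+) .*\(#(?P<rule>\d+)\)"
)

ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
PROTOS = {6: "tcp", 17: "udp"}

def decode(line):
    """Return a dict describing one log entry, or None if it is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto, sp, dp = int(m["proto"]), int(m["sp"]), int(m["dp"])
    if proto == 1:
        # ICMP has no ports: ipchains prints type and code in their place.
        kind = f"icmp {ICMP_TYPES.get(sp, f'type {sp}')} (code {dp})"
    else:
        kind = f"{PROTOS.get(proto, f'proto {proto}')} port {sp} -> port {dp}"
    return {"rule": int(m["rule"]), "target": m["target"],
            "src": m["src"], "kind": kind}

def summarize(lines):
    """Count entries per (rule number, traffic kind) to find the noisy rule."""
    counts = Counter()
    for line in lines:
        rec = decode(line)
        if rec:
            counts[(rec["rule"], rec["kind"])] += 1
    return counts

# Constructed sample input (documentation addresses, not taken from the thread).
SAMPLE = [
    "Apr 29 18:11:29 ns1 kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:8 203.0.113.5:0 L=1500 S=0x00 I=3013 F=0x4000 T=242 (#43)",
    "Apr 29 18:12:32 ns1 kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.7:8 203.0.113.5:0 L=62 S=0x00 I=47866 F=0x0000 T=37 (#43)",
    "Apr 29 18:12:33 ns1 kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.44:137 203.0.113.5:137 L=78 S=0x00 I=39421 F=0x0000 T=110 (#57)",
    "Apr 29 18:12:40 ns1 sshd[812]: unrelated line that is skipped",
]

if __name__ == "__main__":
    for (rule, kind), n in summarize(SAMPLE).most_common():
        print(f"rule #{rule}: {n} x {kind}")
```

The rule number in the summary identifies which rule in the chain carries the -l flag that generates each kind of entry.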