On Mon, Jun 12, 2000 at 11:57:32AM -0700, Matthew Thompson wrote: > Hello, > > I'm getting TONS of this: > > Jun 12 06:36:03 doma kernel: Packet log: input REJECT eth0 PROTO=17 > 216.39.146.44:513 216.39.146.255:513 L=88 S=0x00 I=56673 F=0x0000 T=64 > (#5) > Jun 12 06:39:03 doma kernel: Packet log: input REJECT eth0 PROTO=17 > 216.39.146.44:513 216.39.146.255:513 L=88 S=0x00 I=56686 F=0x0000 T=64 > (#5) > > ...in /var/log/syslog (running potato with ipchains over 2 NIC's). Is > this common for a firewall with strong rules, or do I have something > amiss?
It's common. Looks like 216.39.146.44 is running whod (found in the debian package rwhod). This daemon broadcasts information to other servers on the subnet (216.39.146.255 is a broadcast unless your local admin is as weird as I am). PROTO 17 == udp port 513/udp is who according to /etc/services. I see loads of crap on my cable-modem gateway at home. -- Nathan Norman "Eschew Obfuscation" Network Engineer GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/ Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
pgpfEGq1FJ4Dz.pgp
Description: PGP signature
