From /usr/src/linux/include/linux/icmp.h:

#define ICMP_ECHOREPLY       0   /* Echo Reply */
#define ICMP_DEST_UNREACH    3   /* Destination Unreachable */
#define ICMP_SOURCE_QUENCH   4   /* Source Quench */
#define ICMP_REDIRECT        5   /* Redirect (change route) */
#define ICMP_ECHO            8   /* Echo Request */
#define ICMP_TIME_EXCEEDED   11  /* Time Exceeded */
#define ICMP_PARAMETERPROB   12  /* Parameter Problem */
#define ICMP_TIMESTAMP       13  /* Timestamp Request */
#define ICMP_TIMESTAMPREPLY  14  /* Timestamp Reply */
#define ICMP_INFO_REQUEST    15  /* Information Request */
#define ICMP_INFO_REPLY      16  /* Information Reply */
#define ICMP_ADDRESS         17  /* Address Mask Request */
#define ICMP_ADDRESSREPLY    18  /* Address Mask Reply */
-Marcelo Couto
ITC.Net Brasil

-----Original Message-----
From: Christian Pernegger [mailto:[EMAIL PROTECTED]
Sent: Thursday, 14 September 2000 14:59
To: Debian security list; Debian user list
Subject: Need help analyzing firewall log message
Importance: Low

Sep 14 19:41:44 jesus kernel: Packet log: \
 input DENY eth1 PROTO=1 10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x0000 T=255 (#4)

Happens in bursts of ~7, once a day, maybe more

eth1 is the external interface, connected to a cable modem that is fully transparent. (That is, I block all incoming/outgoing private LAN addresses and it still works)

This is the only thing that I ever see coming in from a private address. Protocol 1 is ICMP according to /etc/protocols. 10.34.15.1 seems to be the other end of the cable modem bridge. (I made a route and checked.) The target ip is my box.

How do I read the ports in ICMP logs?

I'm sure it's legit, I just wanna know WTF my ISP is doing...

Thanks

Christian
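Added example, not part of the original thread: for PROTO=1, ipchains logs the ICMP type in the source-port position and the ICMP code in the destination-port position. This Python sketch parses the log line from the question and names the type using the icmp.h table from the reply; the type 3 code names come from the same header but are not quoted in the thread, and the function and variable names are hypothetical.

```python
import re

# ICMP types exactly as listed in the reply (linux/icmp.h).
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
    12: "Parameter Problem", 13: "Timestamp Request", 14: "Timestamp Reply",
    15: "Information Request", 16: "Information Reply",
    17: "Address Mask Request", 18: "Address Mask Reply",
}
# Codes for type 3 from the same header (assumption: not shown in the thread).
UNREACH_CODES = {
    0: "Network Unreachable", 1: "Host Unreachable",
    2: "Protocol Unreachable", 3: "Port Unreachable",
    4: "Fragmentation Needed", 5: "Source Route Failed",
    13: "Packet Filtered",
}

# ipchains log layout: chain action iface PROTO=n src:port dst:port ...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) "
)

# Constructed sample: the line from the question with the mail wrap removed.
SAMPLE = ("Sep 14 19:41:44 jesus kernel: Packet log: input DENY eth1 PROTO=1 "
          "10.34.15.1:3 x.x.x.x:13 L=56 S=0x00 I=3405 F=0x0000 T=255 (#4)")

def decode_icmp(line):
    """Decode an ipchains ICMP log line; return None for anything else."""
    m = LOG_RE.search(line)
    if m is None or m["proto"] != "1":
        return None  # not an ipchains line, or the ports are real ports
    icmp_type, icmp_code = int(m["sport"]), int(m["dport"])
    code_name = None
    if icmp_type == 3:  # only Destination Unreachable codes are mapped here
        code_name = UNREACH_CODES.get(icmp_code, "unknown code")
    return {
        "action": m["action"], "iface": m["iface"],
        "src": m["src"], "dst": m["dst"],
        "type": icmp_type, "code": icmp_code,
        "type_name": ICMP_TYPES.get(icmp_type, "unknown type"),
        "code_name": code_name,
    }

if __name__ == "__main__":
    print(decode_icmp(SAMPLE))
```

For the line in the question this gives type 3 (Destination Unreachable) with code 13, which icmp.h names ICMP_PKT_FILTERED.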