On Mon, 18 Jun 2001, MaD dUCK wrote:

> also sprach Sebastiaan (on Mon, 18 Jun 2001 02:45:35PM +0200):
> > The SRC is invalid, I only have 192.168.1.* network and a 212.127.*.* to
> > the internet (cable modem). I would like to know who is really doing this.
> >
> > Does someone have any idea what is going on? Is this some kind of
> > attack?
>
> can you tell us more about your network - i.e. configuration and ip
> addresses?

Of course:

The (firewall)server has two network interfaces: eth1 connects to the local network, 192.168.1.*. Its own IP is 192.168.1.3 (hostname aluqah). Connected to that network are two computers yet.
To the other interface, eth0, a COM21 cable modem is connected. The IP of eth0 is 212.127.242.126, MAC=00:05:02:AE:72:35. The cable modem has MAC 00:a0:73:25:12:34.

One thing that you might need to know is that my cable company, or ISP, misconfigured the ARP cache of their servers, so I am flooded with ARP requests continuously but they claim that it is normal. When I run iptraf I see about 2000 hosts within an hour, all from my cable modem network (212.127.*.*). I only receive some data from them, but I do not send anything back (well, my computer).

I am running 2.4.6-pre3 with iptables. I installed a script that I found this morning from:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/adsl4linux/ADSL4Linux/ADSL4Linux/templates/firewall.iptables.devel?rev=HEAD&content-type=text/vnd.viewcvs-markup

It works well, as it looks, but it is far too big to explain in detail what it is doing: blocks ports, takes care of trojan attacks, opens services, etc.

With arp -n I only see the MACs of my local interfaces.

Thanks in advance,
Sebastiaan

piece of syslog:

Jun 18 15:05:47 aluqah kernel: UDP Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:f0:19:b0:8e:08:00 SRC=192.168.0.2 DST=255.255.255.255 LEN=176 TOS=0x00 PREC=0x00 TTL=128 ID=2147 PROTO=UDP SPT=1015 DPT=1015 LEN=156

Jun 18 15:05:51 aluqah kernel: UDP Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:f0:19:b0:8e:08:00 SRC=192.168.0.2 DST=255.255.255.255 LEN=176 TOS=0x00 PREC=0x00 TTL=128 ID=2149 PROTO=UDP SPT=1015 DPT=1015 LEN=156

Jun 18 15:05:51 aluqah kernel: UDP Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:b5:08:42:0d:08:00 SRC=212.127.128.183 DST=255.255.255.255 LEN=240 TOS=0x00 PREC=0x00 TTL=128 ID=52736 PROTO=UDP SPT=2301 DPT=2301 LEN=220

Jun 18 15:05:54 aluqah kernel: UDP Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:f0:19:b0:8e:08:00 SRC=192.168.0.2 DST=255.255.255.255 LEN=176 TOS=0x00 PREC=0x00 TTL=128 ID=2151 PROTO=UDP SPT=1015 DPT=1015 LEN=156
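
An added example, not part of the original message: on Ethernet, the MAC= field of a netfilter LOG line is the link-layer header (6 bytes destination MAC, 6 bytes source MAC, 2 bytes EtherType), so the sending network card can be read from the log even when SRC is a private address. The sketch below parses lines in the format of the syslog excerpt and counts private-source packets per sender MAC on the external interface; the function names are hypothetical and the sample lines are constructed from that excerpt.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: two lines in the format of the syslog excerpt above.
SAMPLE = """\
Jun 18 15:05:47 aluqah kernel: UDP Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:f0:19:b0:8e:08:00 SRC=192.168.0.2 DST=255.255.255.255 LEN=176 TOS=0x00 PREC=0x00 TTL=128 ID=2147 PROTO=UDP SPT=1015 DPT=1015 LEN=156
Jun 18 15:05:51 aluqah kernel: UDP Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:b5:08:42:0d:08:00 SRC=212.127.128.183 DST=255.255.255.255 LEN=240 TOS=0x00 PREC=0x00 TTL=128 ID=52736 PROTO=UDP SPT=2301 DPT=2301 LEN=220
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the KEY=VALUE fields of a netfilter LOG line, plus split MACs."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)   # LEN appears twice; keep the IP length
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:               # dst MAC (6) + src MAC (6) + EtherType (2)
        fields["DST_MAC"] = ":".join(octets[:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "".join(octets[12:])
    return fields

def private_on_external(lines, external_if="eth0"):
    """Count (source MAC, source IP) pairs with a private SRC seen on external_if."""
    hits = Counter()
    for line in lines:
        f = parse(line)
        if f.get("IN") != external_if or "SRC" not in f:
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
        except ValueError:
            continue                    # truncated or damaged log line
        if src.is_private:              # RFC 1918 and other reserved ranges
            hits[(f.get("SRC_MAC", "unknown"), str(src))] += 1
    return hits

if __name__ == "__main__":
    for (mac, ip), n in private_on_external(SAMPLE.splitlines()).most_common():
        print(f"{n:5d}  {ip:15s}  from MAC {mac}")
```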