On Thu, 15 Jan 2009, Hugo Vanwoerkom wrote: > Hi, > > I have Firehol for iptables front-end and WordPress on Apache. > > Access to WP is restricted to me only, like this: > > interface ppp0 internet > policy drop > protection strong > ... > server http accept src 200.57.201.163 > > So far so good. > > Now the question is: where do the messages in syslog come from, like these: > > Jan 15 10:09:12 debian kernel: [42743.308176] ''IN-internet':'IN=ppp0 OUT= > MAC= SRC=202.97.238.233 DST=200.57.20 > 1.163 LEN=597 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=56368 DPT=1026 > LEN=577 > > because that source does not exist: > > h...@debian:~$ host 202.97.238.233 > 202.97.238.233 does not exist, try again > > Hugo >
Hi, Just because you can't resolve an IP address does not mean that it does not exist. There is no rule that says IP address *have* to have dns resolution. That IP is a valid address, so it is very possible that it does exist. Whois info for it says that its from China, I suspect you will be seeing lots of these, its fairly normal noise. Jeff -- 8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
