Wade Richards <[EMAIL PROTECTED]> writes:
> Notice the "PROTO=UDP" part of the message. It means that this
> is a UDP packet, not a TCP packet. UDP is not a socket-based
> protocol, so the port number is meaningless for UDP packets.
This statement is nonsense. Both TCP and UDP have 16-bit port
Well, that will teach me to trust my faulty memory when answering a
question. I was confusing UDP and ICMP (and I'm not entirely sure my
answer would have been correct even if we were talking about ICMP).
Hopefully someone with more of a clue can answer the original question.
--- Wade
On 11
Wade Richards <[EMAIL PROTECTED]> writes:
> Notice the "PROTO=UDP" part of the message. It means that this
> is a UDP packet, not a TCP packet. UDP is not a socket-based
> protocol, so the port number is meaningless for UDP packets.
This statement is nonsense. Both TCP and UDP have 16-bit port
Hello!
In my firewall-log I can find several entries like this:
8<---
Oct 11 19:25:48 asterix kernel: Dropwall: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:**:**:**:**:**:**:**:** SRC=***.***.***.***
DST=***.***.***.*** LEN=1456 TOS=0x00 PREC=0x00 TTL=110 ID=21266 PROTO=UDP
SPT=17060 DPT=0 LEN
Hi,
Notice the "PROTO=UDP" part of the message. It means that this is a UDP packet,
not a TCP packet. UDP is not a socket-based protocol, so the port number is
meaningless for UDP packets. The log message includes port 0 because it was
easier to do that than to have a different format string fo
Well, that will teach me to trust my faulty memory when answering a
question. I was confusing UDP and ICMP (and I'm not entirely sure my
answer would have been correct even if we were talking about ICMP).
Hopefully someone with more of a clue can answer the original question.
--- Wade
On 11
Hi,
Notice the "PROTO=UDP" part of the message. It means that this is a UDP packet,
not a TCP packet. UDP is not a socket-based protocol, so the port number is
meaningless for UDP packets. The log message includes port 0 because it was
easier to do that than to have a different format string fo
Hello!
In my firewall-log I can find several entries like this:
8<---
Oct 11 19:25:48 asterix kernel: Dropwall: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:**:**:**:**:**:**:**:** SRC=***.***.***.***
DST=***.***.***.*** LEN=1456 TOS=0x00 PREC=0x00 TTL=110 ID=21266 PROTO=UDP
SPT=17060 DPT=0 LEN
FAI ATTENZIONE PERCHE' CON QUESTO SISTEMA GUADAGNI DAVVERO !
(se il messaggio vi e' arrivato piu volte scusate ma,
leggetelo
..)
Vorresti Davvero Guadagnare con Internet?
Bene, la prima cosa da fare è salvare su disco questa pagina per averla
a portata di mano anche se il tuo PC no
FAI ATTENZIONE PERCHE' CON QUESTO SISTEMA GUADAGNI DAVVERO !
(se il messaggio vi e' arrivato piu volte scusate ma,
leggetelo
..)
Vorresti Davvero Guadagnare con Internet?
Bene, la prima cosa da fare è salvare su disco questa pagina per averla
a portata di mano anche se il tuo PC n
I am compiling a lids enabled kernel 2.4.18 patched with the lids-2.4
package.
I do not see all of the config options I expect. I have no "Special
authorizations" and no "Special UPS" options.
Other patches I am applying are:
kernel-patch-2.4-lsm
kernel-patch-debianlogo :)
Are these options no
Can you add a Date-Header please ??? I am filtering my around 1700 Mails
(Lists) each day and only yours give me permanetly Errors !!!
Michelle Konzack
Systemadministrator
Am hat P.Ook geschrieben:
>
>Hi all,
>
>I've found 'synchronized pings' in my logs from several hosts all
around the wo
Can you add a Date-Header please ??? I am filtering my around 1700 Mails
(Lists) each day and only yours give me permanetly Errors !!!
Michelle Konzack
Systemadministrator
Am hat P.Ook geschrieben:
>
>The logs are from a firewall box serving a small student net. I'll
investigate if
>people i
I am compiling a lids enabled kernel 2.4.18 patched with the lids-2.4
package.
I do not see all of the config options I expect. I have no "Special
authorizations" and no "Special UPS" options.
Other patches I am applying are:
kernel-patch-2.4-lsm
kernel-patch-debianlogo :)
Are these options n
Can you add a Date-Header please ??? I am filtering my around 1700 Mails
(Lists) each day and only yours give me permanetly Errors !!!
Michelle Konzack
Systemadministrator
Am hat P.Ook geschrieben:
>
>The logs are from a firewall box serving a small student net. I'll
investigate if
>people
Can you add a Date-Header please ??? I am filtering my around 1700 Mails
(Lists) each day and only yours give me permanetly Errors !!!
Michelle Konzack
Systemadministrator
Am hat P.Ook geschrieben:
>
>Hi all,
>
>I've found 'synchronized pings' in my logs from several hosts all
around the w
On Thu, Oct 10, 2002 at 09:15:12AM -0700, Anne Carasik wrote:
> Hi Mathias,
Hi Anne,
I send this one to the list again, I hope this is ok.
>
> Actually, it is a good start. The developer sent me a tutorial,
> and I'm going to help him work on it for the clueless folks like
> me :)
>
> > confi
On Thu, Oct 10, 2002 at 09:15:12AM -0700, Anne Carasik wrote:
> Hi Mathias,
Hi Anne,
I send this one to the list again, I hope this is ok.
>
> Actually, it is a good start. The developer sent me a tutorial,
> and I'm going to help him work on it for the clueless folks like
> me :)
>
> > config
The logs are from a firewall box serving a small student net. I'll investigate
if
people in this net are using services from 'speedera', as all the ips seems to
belong
to that company.
Thank you very much for your help.
Bye.
MA.Varó
> ---Mensaje original---
> De: "Andy Coates" <[EMAIL
On -1 xxx -1, P.Ook wrote:
> Hi all,
>
> I've found 'synchronized pings' in my logs from several hosts all around the
> world.
> Today they where 11 hosts more or less doing ping to my Debian box at the
> same time
> (11 pings in the same second). Sure this is not a DOS attack, almost for my
>
The logs are from a firewall box serving a small student net. I'll investigate if
people in this net are using services from 'speedera', as all the ips seems to belong
to that company.
Thank you very much for your help.
Bye.
MA.Varó
> ---Mensaje original---
> De: "Andy Coates" <[EMAIL
On -1 xxx -1, P.Ook wrote:
> Hi all,
>
> I've found 'synchronized pings' in my logs from several hosts all around the world.
> Today they where 11 hosts more or less doing ping to my Debian box at the same time
> (11 pings in the same second). Sure this is not a DOS attack, almost for my server,
How about an nmap decoy scan with initial ICMP ping of the scanned host, does
it explain what you saw ?
Did you check all these addresses if they were up at the moment of the .. er ..
attack?
BR,
Boyan Krosnov, CCIE#8701
http://boyan.ludost.net/
Just another techie speaking for himself
> -
23 matches
Mail list logo
