Anyone have a clue as to why I am seeing these packets in my logs? They
occur, normally never more than one an hour, several times a day. These
have been showing up for the past several days.
The logs don't bother me; it's the fact that I can't figure out what is
generating the packets in the first place.
Any clues would be appreciated.
eth0 is my external interface.
Jul 19 09:30:34 tuxfan kernel: PACKET DROPPED:IN=eth0 OUT=
MAC=00:a0:cc:e5:09:4e:00:d0:ba:a8:02:70:08:00 SRC=202.97.33.9
DST=24.241.42.144 LEN=56 TOS=0x00 PREC=0x00 TTL=244 ID=0 PROTO=ICMP
TYPE=11 CODE=0 [SRC=24.241.42.144 DST=205.216.80.23 LEN=48 TOS=0x00
PREC=0x00 TTL=1 ID=6662 DF PROTO=TCP SPT=1202 DPT=1244 WINDOW=0
RES=0x00 URGP=0 ]
# host 202.97.33.9
9.33.97.202.in-addr.arpa. domain name pointer p-13-0-r1-c-bjbj-1.cn.net.
# host 205.216.80.23
23.80.216.205.in-addr.arpa. domain name pointer gravestone.net.
23.80.216.205.in-addr.arpa. domain name pointer irc.gravestone.net.
******************************************************************
Jul 19 10:19:58 tuxfan kernel: PACKET DROPPED:IN=eth0 OUT=
MAC=00:a0:cc:e5:09:4e:00:d0:ba:a8:02:70:08:00 SRC=152.63.37.205
DST=24.241.42.144 LEN=56 TOS=0x00 PREC=0x00 TTL=247 ID=0 PROTO=ICMP
TYPE=3 CODE=1 [SRC=24.241.42.144 DST=205.160.101.121 LEN=48 TOS=0x00
PREC=0x00 TTL=115 ID=31365 DF PROTO=TCP SPT=1058 DPT=6667 WINDOW=0
RES=0x00 URGP=0 ]
# host 152.63.37.205
205.37.63.152.in-addr.arpa. domain name pointer
193.ATM6-0.GW1.RIC2.ALTER.NET.
# host 205.160.101.121
Host 121.101.160.205.in-addr.arpa. not found: 3(NXDOMAIN)
********************************************************************
Jul 19 11:36:36 tuxfan kernel: PACKET DROPPED:IN=eth0 OUT=
MAC=00:a0:cc:e5:09:4e:00:d0:ba:a8:02:70:08:00 SRC=152.63.84.205
DST=24.241.42.144 LEN=56 TOS=0x00 PREC=0x00 TTL=247 ID=0 PROTO=ICMP
TYPE=3 CODE=1 [SRC=24.241.42.144 DST=209.212.134.35 LEN=48 TOS=0x00
PREC=0x00 TTL=115 ID=31365 DF PROTO=TCP SPT=1061 DPT=1204 WINDOW=0
RES=0x00 URGP=0 ]
# host 152.63.84.205
205.84.63.152.in-addr.arpa. domain name pointer
194.ATM7-0.GW4.JAX1.ALTER.NET.
# host 209.212.134.35
35.134.212.209.in-addr.arpa. domain name pointer rci.fdt.net.
*************************************************************
Jul 19 18:21:02 tuxfan kernel: PACKET DROPPED:IN=eth0 OUT=
MAC=00:a0:cc:e5:09:4e:00:d0:ba:a8:02:70:08:00 SRC=157.130.52.209
DST=24.241.42.144 LEN=56 TOS=0x00 PREC=0x00 TTL=247 ID=0 PROTO=ICMP
TYPE=3 CODE=1 [SRC=24.241.42.144 DST=209.212.128.47 LEN=48 TOS=0x00
PREC=0x00 TTL=122 ID=23047 DF PROTO=TCP SPT=1221 DPT=1254 WINDOW=0
RES=0x00 URGP=0 ]
# host 157.130.52.209
209.52.130.157.in-addr.arpa. domain name pointer
500.POS2-0.SR3.SEA9.ALTER.NET.
# host 209.212.128.47
47.128.212.209.in-addr.arpa. domain name pointer watto.fdt.net.
Thanks in advance,
-D
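
The following Python is an added example, not part of the original post. It splits an entry like the ones above into the outer ICMP header and the bracketed header of the packet that the ICMP error quotes, and names the type/code pairs that occur here (RFC 792). The function names and result keys are assumptions of this example.

```python
import re

# Names for the ICMP type/code pairs that appear in the post (RFC 792).
ICMP_ERRORS = {(3, 1): "host unreachable", (11, 0): "TTL exceeded in transit"}

# First log entry from the post, joined back onto one line.
SAMPLE = (
    "Jul 19 09:30:34 tuxfan kernel: PACKET DROPPED:IN=eth0 OUT= "
    "MAC=00:a0:cc:e5:09:4e:00:d0:ba:a8:02:70:08:00 SRC=202.97.33.9 "
    "DST=24.241.42.144 LEN=56 TOS=0x00 PREC=0x00 TTL=244 ID=0 PROTO=ICMP "
    "TYPE=11 CODE=0 [SRC=24.241.42.144 DST=205.216.80.23 LEN=48 TOS=0x00 "
    "PREC=0x00 TTL=1 ID=6662 DF PROTO=TCP SPT=1202 DPT=1244 WINDOW=0 "
    "RES=0x00 URGP=0 ]"
)

def fields(text):
    """Collect KEY=VALUE tokens; works even when the log prefix is fused to IN=."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", text))

def parse_icmp_error(line):
    """Return a summary of an ICMP error log line, or None if it is not one."""
    m = re.match(r"(.*?)\[(.*)\]", line)
    if m is None:
        return None  # no bracketed (quoted) header on this line
    outer, quoted = fields(m.group(1)), fields(m.group(2))
    if outer.get("PROTO") != "ICMP" or not {"TYPE", "CODE"} <= outer.keys():
        return None
    if not {"SRC", "DST"} <= quoted.keys():
        return None
    kind = (int(outer["TYPE"]), int(outer["CODE"]))
    return {
        "reporter": outer["SRC"],  # host that sent the ICMP error
        "error": ICMP_ERRORS.get(kind, "type %d code %d" % kind),
        "quoted_src": quoted["SRC"],
        "quoted_dst": quoted["DST"],
        "quoted_proto": quoted.get("PROTO"),
        "quoted_sport": int(quoted["SPT"]) if "SPT" in quoted else None,
        "quoted_dport": int(quoted["DPT"]) if "DPT" in quoted else None,
        "quoted_ttl": int(quoted["TTL"]) if "TTL" in quoted else None,
        # True when the quoted packet carries the logged destination as its source.
        "quoted_src_is_log_dst": quoted["SRC"] == outer.get("DST"),
    }

if __name__ == "__main__":
    for key, value in parse_icmp_error(SAMPLE).items():
        print("%-22s %s" % (key, value))
```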