If your connection is on cable or DSL, expect to get port scanned every few minutes. You'll fill up your firewall logs very fast. Jason -----Original Message----- From: psyche [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 24, 2001 7:26 PM To: Kath Cc: [EMAIL PROTECTED] Subject: Re: [techtalk] Re: Odd firewall outputs (cont) On Sat, 24 Mar 2001, Kath wrote: > Is that (the IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202!) > anything to worry about? > > - Kath > ----- Original Message ----- > From: Kath > To: [EMAIL PROTECTED] > Sent: Saturday, March 24, 2001 12:58 PM > Subject: Odd firewall outputs > > > I have a Debian 2.2 firewall doing ipmasquerade running the kernel that > came with it (2.2.18 IIRC). > > This machine also serves as a web, email and DNS server. > > I woke up this morning and saw the following on the monitor: > > IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202 > IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202 > I was curious about this since I use IP masquerading, too, so I looked up some info on it. From what I was able to find out, it appears someone is pointing a port scanner at your network--and most likely a script kiddie type, because a more experienced cracker would fix the checksum, so the error wouldn't be produced. At least that's what one person said. If you had a friend scan your network, I'd double check and ask them about it, even if the IP looks weird, to make sure it wasn't them. (P.S.--my IP will show up in the logs, too--since I just sent you a finger request to see if you were running finger). In the meantime, I would check out /var/log/messages for other evidence of a scan, and plug up any security holes you have. From doing an nslookup on the IP, it looks like someone possibly on a cable modem or DSL, I think. It could be just some curious person being fast and loose with their port scanner, and just poking around, rather than a serious plan to attack, too. I know I sure get paranoid every time I see something odd like that--and it's usually nothing to worry too bad about after all. psyche P.S.--a personal 'thank you' to you for posting the error--it inspired me to look up stuff and learn something new and useful. :) _______________________________________________ techtalk mailing list [EMAIL PROTECTED] http://www.linux.org.uk/mailman/listinfo/techtalk _______________________________________________ techtalk mailing list [EMAIL PROTECTED] http://www.linux.org.uk/mailman/listinfo/techtalk
