Operating Systems > Linux and UNIX

Question about networking & security I guess

(1/1)

Ice-9:
I get frequent messages like this one on the console

SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=01:00:5e:00:00:01:08:00:3e:17:62:52:08:00 SRC=10.95.0.82 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID59608 PROTO=2

I did some res"earch on it but have absolutely no clue what this is all about, actualy read some things about lost icmp packets others about security breaches .....
I guess these are some logs that come from my firewall?
Can somebody tell me what this is all about or tell me where I can find some info?
Many thanks.

KernelPanic:
This is what i know about it:

IN=eth0 - interface it came in
OUT= MAC=01:00:5e:00:00:01:08:00:3e:17:62:52:08:00 - MAC address of where it went out.
SRC=10.95.0.82 -Source IP
DST=224.0.0.1 - Destination IP
TTL=1 - Serial port 1?

www.unixsucks.com:
TTL is time to leave (this is decreased each time on each router to prevent loops)
DEST 224.x is multicast address.
This is most likely one of the services trying to register it IP with multicast group for some conferencing or some other type of service based on multicast.

voidmain:
TTL=Time to "Live" (not Leave, except in unixhater's case)

mobrien_12:
Protocol is 2 so I think it is some sort of ICMP message.  

less /etc/protocols

will tell you for sure.

These are mostly harmless, but can be used in DoS attacks.  Don't worry about that, because you would see numerous entries (like hundreds) if someone was trying to DoS you.

Navigation

[0] Message Index