Author Topic: Question about networking & security I guess  (Read 542 times)

Ice-9

« on: 26 August 2002, 21:37 »
I get frequent messages like this one on the console

SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=01:00:5e:00:00:01:08:00:3e:17:62:52:08:00 SRC=10.95.0.82 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID59608 PROTO=2

I did some research on it but have absolutely no clue what this is all about. I actually read some things about lost ICMP packets, others about security breaches .....
I guess these are some logs that come from my firewall?
Can somebody tell me what this is all about or tell me where I can find some info?
Many thanks.
He was sitting on a rock. He was barefoot. His feet were frosty with ice-nine .....

KernelPanic

« Reply #1 on: 26 August 2002, 21:43 »
This is what I know about it:

IN=eth0 - interface it came in
OUT= MAC=01:00:5e:00:00:01:08:00:3e:17:62:52:08:00 - MAC address of where it went out.
SRC=10.95.0.82 - Source IP
DST=224.0.0.1 - Destination IP
TTL=1 - Serial port 1?
Contains scenes of mild peril.

www.unixsucks.com

« Reply #2 on: 27 August 2002, 04:26 »
TTL is time to leave (this is decreased each time on each router to prevent loops)
DEST 224.x is a multicast address.
This is most likely one of the services trying to register its IP with a multicast group for some conferencing or some other type of service based on multicast.
Gregory Suvalian

voidmain

« Reply #3 on: 27 August 2002, 07:06 »
TTL=Time to "Live" (not Leave, except in unixhater's case)
Someone please remove this account. Thanks...

mobrien_12

« Reply #4 on: 28 August 2002, 14:03 »
Protocol is 2 so I think it is some sort of ICMP message.

less /etc/protocols

will tell you for sure.

These are mostly harmless, but can be used in DoS attacks.  Don't worry about that, because you would see numerous entries (like hundreds) if someone was trying to DoS you.
In brightest day, in darkest night, no evil shall escape my sight....
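
An added example, not part of the original thread: Python code that parses the log line from the first post, resolves the PROTO number against an embedded excerpt of the IANA protocol numbers (the data /etc/protocols holds), and splits the MAC= field, which on Ethernet is the 14-byte frame header (destination MAC, source MAC, EtherType). The function names and the protocol table excerpt are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the log line from the first post, copied as-is.
SAMPLE = ("SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= "
          "MAC=01:00:5e:00:00:01:08:00:3e:17:62:52:08:00 SRC=10.95.0.82 "
          "DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID59608 PROTO=2")

# Assumed excerpt of the IANA protocol numbers, the data /etc/protocols holds.
IP_PROTOCOLS = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp"}


def parse_fields(line):
    """Return the KEY=value tokens of a netfilter LOG line as a dict."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:  # tokens without "=" (log prefix, damaged fields) are skipped
            fields[key] = value
    return fields


def split_mac(mac_field):
    """Split MAC= into (destination MAC, source MAC, EtherType)."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        raise ValueError("expected a 14-byte Ethernet header")
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])


def multicast_mac(ip):
    """Ethernet address an IPv4 group maps to: 01:00:5e + low 23 bits."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def describe(line):
    f = parse_fields(line)
    dst_mac, src_mac, ethertype = split_mac(f["MAC"])
    proto = f["PROTO"]  # a name for TCP/UDP/ICMP, a bare number otherwise
    return {
        "in": f["IN"], "src": f["SRC"], "dst": f["DST"], "ttl": int(f["TTL"]),
        "dst_mac": dst_mac, "src_mac": src_mac, "ethertype": ethertype,
        "dst_is_multicast": ipaddress.ip_address(f["DST"]).is_multicast,
        "dst_mac_matches_group": dst_mac == multicast_mac(f["DST"]),
        "protocol": IP_PROTOCOLS.get(int(proto), proto) if proto.isdigit() else proto.lower(),
    }


if __name__ == "__main__":
    print(describe(SAMPLE))
```
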