Ok, this one is interesting, I think.
I have a cable modem, which is connected to a local (172.x.x.x) net and
masqueraded on the internet. (I think that is how it works). Anyhow, some
idiots on this internal net have services broadcasting to everyone and so
are constantly filling my logs with "DENY 172.16.xxx.xxx blah blah blah"
messages from the firewall. The vast majority of these are on port 2301.
Recently however, things have taken an interesting twist, with a new address
showing up - 127.0.0.1, also on port 2301. Now I don't think that this is
from my machine, because it only happens when I am physically connected to
the network (ie, i plug in the ethernet cable). Only. No other time. Also,
netstat does not show port 2301 as open or listening on anything.
the deny line looks a little like this: [snip] input DENY eth0 PROTO=17
127.0.0.1:2301 255.255.255.255:2301 [snip] (#32)
Is it possible that someone on the network is actually broadcasting to
everyone their attempt to connect to localhost? What is this? Could it be
coming from my box?
--
Chris and Yoshiko Spackman
[EMAIL PROTECTED] (English)
[EMAIL PROTECTED] (Japanese)
www.openhistory.org
gratuitous quote:
"I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered. My life is my own."
-The Prisoner
