On Thursday 08 February 2001 03:13 am, you wrote:
> the deny line looks a little like this: [snip] input DENY eth0 PROTO=17
> 127.0.0.1:2301 255.255.255.255:2301 [snip] (#32)
> Is it possible that someone on the network is actually broadcasting to
> everyone their attempt to connect to localhost? What is this? Could it
> be coming from my box?

You've hit the nail on the head, someone on the network is sending
broadcast packets from localhost for some reason. Let's dissect the packet
to see what is up.

input DENY eth0 -- This is coming from outside the firewall, assuming that
eth0 is the NIC you have connected to the cable modem. So it's someone
else's misconfigured box.

PROTO=17 127.0.0.1:2301 255.255.255.255:2301 -- These are UDP packets, so
it's a UDP broadcast of some sort. Port 2301 is listed as belonging to
Compaq Insight Manager, and I have seen some posts about people seeing
similar broadcasts from boxes with this utility installed. It sounds like
a misconfigured Compaq Server somewhere on the cable segment.

--
Matthew Micene
Systems Development Manager
Express Search Inc.
www.ExpressSearch.com

A host is a host from coast to coast,
and no one will talk to a host too close
Unless the host that isn't close
is busy, hung or dead
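
Added example, not part of the original message: a small Python parser for the fields visible in the quoted log line, tagging the anomalies the reply walks through (loopback source arriving on a non-loopback interface, limited-broadcast destination, port 2301). The second sample line, the tag names and the `loopback_iface` parameter are constructed for illustration.

```python
import ipaddress
import re

# Parses only the fields visible in the quoted line, plus the "(#rule)" suffix.
LINE_RE = re.compile(
    r"(?P<chain>\w+) (?P<action>[A-Z]+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?:.*\(#(?P<rule>\d+)\))?"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
PORT_HINTS = {2301: "Compaq Insight Manager"}  # attribution taken from the reply
BROADCAST = ipaddress.ip_address("255.255.255.255")

def parse_line(line):
    """Return a dict of packet fields, or None if the line does not parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255 in a damaged log line
        return None
    proto = int(m["proto"])
    return {
        "chain": m["chain"], "action": m["action"], "iface": m["iface"],
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "src": src, "sport": int(m["sport"]), "dst": dst, "dport": int(m["dport"]),
        "rule": int(m["rule"]) if m["rule"] else None,
    }

def flags(pkt, loopback_iface="lo"):
    """Tag the anomalies the reply points out for this packet."""
    out = []
    if pkt["src"].is_loopback and pkt["iface"] != loopback_iface:
        out.append("loopback-source-on-wire")  # 127/8 should never arrive from a NIC
    if pkt["dst"] == BROADCAST:
        out.append("limited-broadcast")
    if pkt["dport"] in PORT_HINTS:
        out.append("port:" + PORT_HINTS[pkt["dport"]])
    return out

# First line is the one quoted in the message; the second is constructed.
SAMPLE = [
    "[snip] input DENY eth0 PROTO=17 127.0.0.1:2301 255.255.255.255:2301 [snip] (#32)",
    "input DENY eth0 PROTO=6 192.0.2.10:40000 198.51.100.5:23 (#12)",
]

if __name__ == "__main__":
    for pkt in map(parse_line, SAMPLE):
        print(pkt["proto"], pkt["src"], "->", pkt["dst"], flags(pkt))
```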