On Sunday 31 August 2003 11:43 am, Jack Coates wrote: >On Sun, 2003-08-31 at 09:46, engage wrote: >> Since setting up Shorewall to discard bad/malformed packets, I've been >> getting a lot of log entries like this. Why? I know that the displayed >> destination address is a broadcast address. >> >> Aug 31 08:31:18 n0sq kernel: Shorewall:badpkt:DROP:IN=eth1 OUT= >> MAC=ff:ff:ff:ff:ff:ff:00:09:e8:b4:c6:c3:08:00 SRC=0.0.0.0 >> DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=128 ID=8093 PROTO=UDP >> SPT=68 DPT=67 LEN=556 > >that's a DHCP packet -- grab it with Ethereal and you can see what type. >I'd guess client request.
I forgot that a lot of the new accounts at the ISP are now DHCP. > >> Also, I've been getting a lot of bad packets from many IP addresses that >> belong to my ISP. The strange thing is that the packets have my address as >> the destination address. > >Maybe they're scanning for services, or maybe other users on the ISP are >scanning or have worms. Possibly. I'm going to have to spend more time on network analysis. I might be able to get away from the computer someday.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
