Disregard my previous post. I found the problem:
The Cisco switch was misconfigured allowing Microsoft's chatty broadcasts to
flood across the backplane on the switch arriving on a dual homed server
that's acting as a firewall/router. Appreciate the responses...
David Ishmael, CCNA, IVCP
Senior Network Management Engineer
Windward Consulting Group, Inc.
Phone: (703) 283-7564
Pager: (888) 910-7094
eFax: (425) 969-4707
Fax: (703) 351-9428
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Benson
Sent: Wednesday, June 06, 2001 12:37 PM
To: [EMAIL PROTECTED]
Subject: Re: IPCHAINS not Logging correctly
David Ishmael wrote:
>
> I've got ipchains running on one of the local Linux servers and have all
> denied packets being logged. The logs look like:
>
> kernel: ll header: ff ff ff ff ff ff 00 a0 c9 06 37 1c 08 00
>
> I know I've seen this before but can't remember what the workaround for it
> was.
A machine which has the mac address, 00:a0:c9:06:37:1c, is sending out
broadcasts, ff ff ff ff ff ff, across your network. Just try and track
down the machine with the mac #. If you use the iproute2 package you
will receive an extra line with the sender's and recipient's ip in hex
format with the interface, eth0, eth1, etc. that's getting hit. Commonly
known as "martian sources". A common problem related to this is the
misconfiguration of ethernet cards with multiple interfaces, if you use
a cable modem and receive these types of messages from misconfigured
machines on the ISP's network from other users, and so forth.
--
Patrick Benson
Stockholm, Sweden
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
