Randy Edwards wrote:
>
> Could someone point me in the direction of where I could find
> info on deciphering the following log entries and what the
> various fields in them mean?
I have no idea where to look for info or where to learn it......
Probably "Building Internet Firewalls"
Feb 10 18:04:08                     DATE/TIME
spartacus kernel:                   SYSTEM NAME
Packet log:                         WHICH LOGGING FACILITY YOU ARE USING
input                               FILTER TYPE (INPUT Vs. OUTPUT)
DENY                                ACTION TAKEN BY THE KERNEL (ACCEPT/REJECT/DENY)
eth0                                INTERFACE
PROTO=17                            PROTOCOL OF THE PACKETS IN QUESTION (17=UDP) check /etc/protocols
216.64.120.51:1801                  SOURCE IP ADDRESS : ORIGINATING PORT #
255.255.255.255:1801                DESTINATION IP : DESTINATION PORT #
L=80 S=0x00 I=1782 F=0x0000 T=128   I never DID find out what this was
(#7)                                I BELIEVE (and I could be wrong) THIS IS THE RULESET #
Just at a glance, this is a fairly common message. I see about 1000 of
these a day, and I filter out the offending IP addresses. Generally,
this is a multicast broadcast. If you are on a Mediaone segment, it
usually means that someone on the same segment is running a RealAudio
server. Unfortunately, it can also be a broadcast sweep of an entire
network to see what systems are responding on certain ports.
Kenny
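
An added example, not part of the original message: a parser for the ipchains "Packet log:" line broken down above, plus a per-source count of denied packets for spotting the repeat senders the reply mentions. The names given to the L=/S=/I=/F=/T= fields (total length, type of service, IP ID, fragment offset and flags, TTL) and the reading of (#7) as the rule number follow the IPCHAINS-HOWTO rather than the post; all sample lines except the first are constructed.

```python
import re
from collections import Counter

# L/S/I/F/T names follow the IPCHAINS-HOWTO (assumption: not stated in the post).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # small subset of /etc/protocols

def parse_packet_log(line):
    """Return a dict of fields for one ipchains log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        f[key] = int(f[key])
    f["tos"] = int(f["tos"], 16)
    f["frag"] = int(f["frag"], 16)
    f["syn"] = f["syn"] is not None          # TCP SYN marker, when present
    f["proto_name"] = PROTOCOLS.get(f["proto"], str(f["proto"]))
    f["broadcast"] = f["dst"] == "255.255.255.255"
    return f

def denied_by_source(lines):
    """Count DENY/REJECT entries per source address, skipping unparseable lines."""
    counts = Counter()
    for line in lines:
        f = parse_packet_log(line)
        if f and f["action"] in ("DENY", "REJECT"):
            counts[f["src"]] += 1
    return counts

SAMPLE = [
    # Entry from the message above, reassembled onto one line.
    "Feb 10 18:04:08 spartacus kernel: Packet log: input DENY eth0 PROTO=17 216.64.120.51:1801 255.255.255.255:1801 L=80 S=0x00 I=1782 F=0x0000 T=128 (#7)",
    # Constructed samples (documentation address ranges).
    "Feb 10 18:05:12 spartacus kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4021 198.51.100.5:23 L=44 S=0x00 I=311 F=0x0000 T=64 SYN (#3)",
    "Feb 10 18:05:13 spartacus kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.20:4100 198.51.100.5:25 L=44 S=0x00 I=77 F=0x0000 T=64 SYN (#2)",
    "Feb 10 18:05:14 spartacus kernel: eth0: link up",
    "Feb 10 18:05:15 spartacus kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4022 198.51.100.5:111 L=44 S=0x00 I=312 F=0x0000 T=64 SYN (#3)",
]

if __name__ == "__main__":
    for src, n in denied_by_source(SAMPLE).most_common():
        print(f"{src}\t{n}")
```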