Scott,
I've manually applied some of the rules below to my LRP and it works a treat.
Daft question time - how does your Echowall package coexist with the
"standard" distribution of Eigerstein2Beta; i.e. isn't there a built-in
firewall script by default with Eiger2Beta?
Unless I'm really wide of the mark I don't seem to have Echowall installed
and I wonder about what happens if you fire off multiple scripts. Am I
making sense?
Rob
-----Original Message-----
From: Scott C. Best [mailto:[EMAIL PROTECTED]]
Sent: 01 July 2001 22:14
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Eigerstein2Beta packet log silent deny
Rob:
Heya. Victor's answer is spot-on:
> > Jul 1 00:44:38 pdrtr kernel: Packet log: input DENY eth0 PROTO=2
> > 192.168.100.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=0 F=0x0000 T=1 (#9)
>
> These are multi-cast packets, possibly from your ISP or a misconfigured
> clown on your cable network who is spewing them out. Multicast packets
> stay within a network - and are not supposed to pass through the routers
> onto the Internet, so these packets are coming from close by.
Agreed: see the Time-to-Live there set to just "1", so
the machine which generated it should be just 1 hop away (i.e., it's
your ISP's router). For more details, plug the log entry into this:
http://www.echogent.com/cgi-bin/fwlog.pl
To stop your logs from filling, it's easy enough to add
some "ignore broadcast address traffic" rules to your firewall
setup. I put these into the echowall.rules file:
$IPCHAINS -A input -i $IF_EXT -b -s 0.0.0.0/8 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 169.254.0.0/16 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 192.0.2.0/24 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 224.0.0.0/4 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 240.0.0.0/5 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 248.0.0.0/5 -j DENY
Helps keep down on the clutter. Hope it helps!
-Scott
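
An added example, not part of the original thread or of the Echowall package: a small Python parser for the ipchains "Packet log:" line quoted above, which also checks whether the six DENY rules would catch the packet. The function names are hypothetical; it assumes the packet arrived on the interface that $IF_EXT names and that the rules are evaluated before the rule that logs.

```python
import ipaddress
import re

# Ranges from the six rules above. With -b each rule matches in both
# directions, so an address in a range counts as source or destination.
IGNORED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
    "224.0.0.0/4", "240.0.0.0/5", "248.0.0.0/5")]

# Field layout of an ipchains "Packet log:" line (SYN appears only for TCP).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) "
    r"S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?: (?P<syn>SYN))? \(#(?P<rule>\d+)\)")

PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def parse(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        f[key] = int(f[key])
    f["proto_name"] = PROTO_NAMES.get(f["proto"], "proto %d" % f["proto"])
    return f

def matching_range(f):
    """Return the first listed range containing src or dst, else None."""
    for net in IGNORED:
        for addr in (f["src"], f["dst"]):
            if ipaddress.ip_address(addr) in net:
                return str(net)
    return None

# The log entry from the thread, joined onto one line.
LINE = ("Jul 1 00:44:38 pdrtr kernel: Packet log: input DENY eth0 PROTO=2 "
        "192.168.100.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=0 F=0x0000 T=1 (#9)")

if __name__ == "__main__":
    f = parse(LINE)
    print(f["proto_name"], f["src"], "->", f["dst"], "TTL", f["ttl"],
          "logged by rule", f["rule"], "| ignored by:", matching_range(f))
```

The source address 192.168.100.1 is in none of the listed ranges; the match comes from the destination 224.0.0.1, which is why the -b flag matters for this entry.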