[Leaf-user] ES2B / echowall packet logging

Rob Moore Fri, 13 Jul 2001 14:17:48 -0700
Hi (this message resent does not appear to have been accepted first time)

I saw a few threads a while back on not logging packets directed to port
53:-

Packet log: input DENY ppp0 PROTO=6 64.37.200.46:41613 62.30.91.76:53 L=44
S=0x00 I=0 F=0x0000 T=242 (#42)

I am seeing vast quantities of these in my logs. I have read the notes,
mails, etc
on what they are and why they are generated, just need a bit of help in not
logging
them with echowall.

What I have done is at the bottom of the echowall.rules file before
#lastrule#... put the following
line; is this correct?

$IPCHAINS -A input -i $IF_EXT -d 0.0.0.0/0 53 -p tcp -j DENY


Second, can anyone shed any light on these recurring entries I see in my
logs:-

Jul 11 12:23:12 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.160.160.12:8 62.30.91.76:0 L=84 S=0x00 I=44064 F=0x0000 T=44 (#40)
Jul 11 12:23:12 pdrtr last message repeated 2 times
Jul 11 12:32:03 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.160.160.12:8 62.30.91.76:0 L=84 S=0x00 I=44320 F=0x0000 T=44 (#40)
Jul 11 12:32:03 pdrtr last message repeated 2 times
Jul 11 13:59:47 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.160.160.11:8 62.30.91.76:0 L=84 S=0x00 I=48648 F=0x0000 T=44 (#40)
Jul 11 13:59:47 pdrtr last message repeated 2 times
Jul 11 15:46:44 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.160.160.11:8 62.30.91.76:0 L=84 S=0x00 I=48648 F=0x0000 T=44 (#40)
Jul 11 15:46:44 pdrtr last message repeated 2 times
Jul 11 17:58:17 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.160.160.11:8 62.30.91.76:0 L=84 S=0x00 I=48648 F=0x0000 T=44 (#40)
Jul 11 17:58:17 pdrtr last message repeated 2 times
Jul 11 18:03:51 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.160.160.11:8 62.30.91.76:0 L=84 S=0x00 I=48392 F=0x0000 T=44 (#40)
Jul 11 18:03:51 pdrtr last message repeated 2 times
Jul 11 18:59:22 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.160.160.11:8 62.30.91.76:0 L=84 S=0x00 I=48648 F=0x0000 T=44 (#40)
Jul 11 18:59:22 pdrtr last message repeated 2 times
Jul 11 19:30:02 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
208.48.67.12:8 62.30.91.76:0 L=84 S=0x00 I=61451 F=0x0000 T=52 (#40)
Jul 11 19:30:02 pdrtr last message repeated 2 times
Jul 11 22:05:47 pdrtr -- MARK --
Jul 11 22:12:38 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.241.16.17:8 62.30.91.76:0 L=64 S=0x00 I=3188 F=0x0000 T=41 (#40)
Jul 11 22:12:39 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.241.16.17:8 62.30.91.76:0 L=64 S=0x00 I=3258 F=0x0000 T=41 (#40)
Jul 11 22:12:40 pdrtr kernel: Packet log: input DENY eth0 PROTO=1
63.241.16.17:8 62.30.91.76:0 L=64 S=0x00 I=3308 F=0x0000 T=41 (#40)


Thanks

Rob


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] ES2B / echowall packet logging

Reply via email to
