On Mon, 4 Nov 2002 [EMAIL PROTECTED] wrote: > > > Anyone care to look at this? > > I am seeing something really weird in my log about every > 40 seconds: > > Nov 4 13:30:24 NLynxGW kernel: IP LOG: IN=eth0 OUT= > MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=63.121.22.5 > DST=66.118.15.69 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=44044 PROTO=ICMP > TYPE=3 CODE=3 [SRC=66.118.15.69 DST=63.121.22.5 LEN=204 TOS=0x00 > PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=500 DPT=500 LEN=184 ] > > Does the second part of the message, enclosed in [ ] refer to > encapsulation, or is this the source mesage which the echo reply > is responding to? And why upd 500? I have a bunch of IPSec connections > defined, but not with any of these addresses. > The regularity is also a mystery to me.
If you haven't googled this, you should. When I did, one interesting hit I saw was http://cert.uni-stuttgart.de/archive/incidents/2000/12/msg00117.html, which indicates that this could be a Microsoft-ism related to client surfing activity. --------------------------------------------------------------------------- Jeff Newmiller The ..... ..... Go Live... DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --------------------------------------------------------------------------- ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
