I'm not sure if that topic is adequate, but here goes.

I'm sick of my logs filling up with various IPs all trying to hit various
ports.  I know I can put the silent deny up and it won't fill up the log any
more, but is there a more defensive approach that can be taken?  Is there a
way to trace what appear to be spoofed IP addresses?  I've got about a
million of the following entry in my logs:

Jan 29 11:23:47 firewall kernel: Packet log: input DENY eth0 PROTO=17
10.51.192.1:67 255.255.255.255:68 L=350 S=0x00 I=25217 F=0x0000 T=255 (#8)

I know the 10.x.x.x is for private use, so it's obviously not a real IP.  But
is there a way to 'answer' the request in order to get more information from
the offending computer to advise the admins and see if they can do something
about it?

Or is the only answer just to use the silent deny option?

joey



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
