>At 09:51 AM 1/29/03 -0600, Joey Officer wrote: >>I'm not sure if that topic is adequate, but here goes.
>>Jan 29 11:23:47 firewall kernel: Packet log: input DENY eth0 PROTO=17 >>10.51.192.1:67 255.255.255.255:68 L=350 S=0x00 I=25217 F=0x0000 T=255 (#8) >> >>I know the 10.x.x.x is for private use, so its obviously not a real IP. But >>is there a way to 'answer' the request in order to get more information from >>the offending computer to advise the admins and see if they can do something >>about it? > >Unless your ISP actually uses that address range on your external >interface, there should be no way to " 'answer' the request ". That's why >the addresses are called "private" -- the standards call for them to be >unroutable on the public Internet. But while they are often called "not >real" colloquially, they in fact can be perfectly "real", in that they are >used by actual machines on NAT'd LANs. I can�t tell you about specific ports, but when I first started using cable, I called up Time Warner, thinking that 200+ requests an hour was a �bad� thing, and I eventually ended up being transferred to some background tech. I told him the most prevalent �hacker� IP (10.x.x.x) and he politely explained it was Time Warner itself. It was a Time Warner box that is specifically setup to check for something (open services? exploitable machines? I didn�t ask.) I do get other �input deny� off other IPs, but the vast majority (95%+ and about 1 request every 10 seconds) come from that single Time Warner box. Maybe I should �silent deny� my own LRP/LEAF box. . . Wait, I'd have to RTFM. Oh! Wait! I�d have to remember the root password! Opps. Hope this helps somehow, Michael Reply to: [EMAIL PROTECTED] Need a new email address that people can remember Check out the new EudoraMail at http://www.eudoramail.com ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
