On Fri, 20 Jun 2003, Dennis Stephens wrote: > My logs are being filled with two tons of lines likes this... > > > Jun 17 15:01:42 ardentpursuit kernel: Packet log: input DENY eth0 PROTO=17 > 10.24.0.1:67 255.255.255.255:68 L=336 S=0x00 I=7199 F=0x0000 T=255 (#27) > Jun 17 15:01:47 ardentpursuit kernel: Packet log: input DENY eth0 PROTO=17 > 10.24.0.1:67 255.255.255.255:68 L=336 S=0x00 I=7201 F=0x0000 T=255 (#27) > Jun 17 15:01:51 ardentpursuit kernel: Packet log: input DENY eth0 PROTO=17 > 10.24.0.1:67 255.255.255.255:68 L=328 S=0x00 I=7207 F=0x0000 T=255 (#27) > Jun 17 15:02:00 ardentpursuit kernel: Packet log: input DENY eth0 PROTO=17 > 10.24.0.1:67 255.255.255.255:68 L=328 S=0x00 I=7219 F=0x0000 T=255 (#27)
[...] I don't see why you needed 17 lines when 3 or 4 or even 1 would serve as well. You don't need to burden us just because you are burdened. > I know I can just trap the 10.24.0.1:67 and NOT log it. Will do that soon > enough, meanwhile can one of you FW types educate me on where this may be > originating from? Just wondering. As always in your deepest debt. Proto 17 = UDP Destination IP 255.255.255.255 is broadcast Destination port 68 is bootpc or dhcp client These are probably dhcp lease renewals (offers or ACKs) from your ISP's dhcp server. It is possible that they are from a rogue server, but not really so likely. Assuming they are legitimate, you should probably be letting these into your firewall so it can renew leases. Google sez: http://www.freesoft.org/CIE/RFC/2131/20.htm --------------------------------------------------------------------------- Jeff Newmiller The ..... ..... Go Live... DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --------------------------------------------------------------------------- ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
