As most people on this list i have a lot of rules governing my firewall
that log all suspicious packets. I have happily run a masq for the last
year, without ever seeing a single "suspicious packet", till last week.
Starting last wensday my local net has seen lots of these "things" ...
Dec 9 00:54:05 flem kernel: IP fw-in deny eth0 UDP 169.254.181.124:137
169.254.
255.255:137 L=96 S=0x00 I=24832 F=0x0000 T=128
Our internal IP's are all in the 10.10.10.x range. (We have 4 wintel boxes)
The specified host (169.254.181.124:137) doesn't seem to reverse-resolve.
Port 137 UDP is used by netbios.
These packets seem to originate inside our local net, for they would
otherwise have been caught by the rules governing the PPP interface ...
My question to the readers of this list is:
WHERE DO THEY COME FROM?
I would like to hear all your opinions.
If you need more information please ask.
Furthermore i should tell you that i checked all the hosts on out local
net, and no-one is misconfigged to use the abovementione IP address.
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
