On Mon, Jul 08, 2002 at 04:29:51PM +0200, Raymond Leach wrote:
> On Mon, 2002-07-08 at 16:07, Ed Street wrote:
> > Hello,
> >
> >
> > Looks like station 10.0.0.19 on eth2 tried to ping 199.181.167.201 and
> > it was dropped.
> >
> I've checked the process list on 10.0.0.19 and also restarted it just to
> make sure, and there is nothing that is trying to ping anywhere.
>
> Isn't ICMP CODE 0 TYPE 0 a reply? Doesn't this log entry represent
> 10.0.0.19's reply to an echo request?

Don't you have any backdoor?? If not, then 10.0.0.19 might be replying to a spoofed ping from the inside...

Ramin

>
> Ray
> > Ed
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Raymond Leach
> > Sent: Monday, July 08, 2002 10:07 AM
> > To: [EMAIL PROTECTED]
> > Subject: Strange log entry ...
> >
> > Hi
> >
> > Can anyone tell me what this is?
> >
> > Jul 8 16:04:23 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
> > SRC=10.0.0.19 DST=199.181.167.201 LEN=1044 TOS=0x00 PREC=0x00 TTL=254
> > ID=18763 DF PROTO=ICMP TYPE=0 CODE=0 ID=6666 SEQ=0
> > Jul 8 16:04:26 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
> > SRC=10.0.0.19 DST=199.181.167.201 LEN=1044 TOS=0x00 PREC=0x00 TTL=254
> > ID=18764 DF PROTO=ICMP TYPE=0 CODE=0 ID=6666 SEQ=0
> >
> > I do not allow incoming echo requests to this machine. How the echo
> > reply is generated beats me ...
> >
> > Ray
> >
> >
>
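
An added example, not part of the original thread: a small Python check that parses netfilter LOG lines like the ones quoted above and lists ICMP echo replies (TYPE=0) that answer no echo request (TYPE=8) seen earlier in the same log. It assumes the firewall also logs forwarded echo requests; the two lines involving 192.0.2.7 and all function names are constructed for illustration.

```python
import re

# First two lines are the entries quoted in the thread (re-joined to one line
# each); the last two are constructed: a request and the reply that answers it.
SAMPLE_LOG = """\
Jul 8 16:04:23 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0 SRC=10.0.0.19 DST=199.181.167.201 LEN=1044 TOS=0x00 PREC=0x00 TTL=254 ID=18763 DF PROTO=ICMP TYPE=0 CODE=0 ID=6666 SEQ=0
Jul 8 16:04:26 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0 SRC=10.0.0.19 DST=199.181.167.201 LEN=1044 TOS=0x00 PREC=0x00 TTL=254 ID=18764 DF PROTO=ICMP TYPE=0 CODE=0 ID=6666 SEQ=0
Jul 8 16:05:01 firefly kernel: LOG FORWARD: IN=eth0 OUT=eth2 SRC=192.0.2.7 DST=10.0.0.20 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4101 PROTO=ICMP TYPE=8 CODE=0 ID=311 SEQ=1
Jul 8 16:05:01 firefly kernel: LOG FORWARD: IN=eth2 OUT=eth0 SRC=10.0.0.20 DST=192.0.2.7 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=9112 PROTO=ICMP TYPE=0 CODE=0 ID=311 SEQ=1
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_icmp_echo(line):
    """Parse one LOG line; return a dict for echo request/reply, else None.

    ID= appears twice (IP header ID, then ICMP echo ID), so the line is split
    at PROTO=ICMP and each half is parsed on its own.
    """
    head, sep, tail = line.partition(" PROTO=ICMP ")
    if not sep:
        return None
    ip, icmp = dict(FIELD.findall(head)), dict(FIELD.findall(tail))
    if icmp.get("TYPE") not in ("0", "8"):
        return None  # only echo reply (0) and echo request (8) carry ID/SEQ
    return {"src": ip["SRC"], "dst": ip["DST"], "len": int(ip["LEN"]),
            "type": int(icmp["TYPE"]), "echo_id": int(icmp["ID"]),
            "seq": int(icmp["SEQ"])}

def unsolicited_replies(log_text):
    """Return echo replies that match no earlier logged echo request."""
    pending = set()  # (requester, responder, echo_id, seq) of requests seen
    findings = []
    for line in log_text.splitlines():
        pkt = parse_icmp_echo(line)
        if pkt is None:
            continue
        if pkt["type"] == 8:
            pending.add((pkt["src"], pkt["dst"], pkt["echo_id"], pkt["seq"]))
        elif (pkt["dst"], pkt["src"], pkt["echo_id"], pkt["seq"]) not in pending:
            findings.append(pkt)
    return findings

if __name__ == "__main__":
    for p in unsolicited_replies(SAMPLE_LOG):
        print(f'{p["src"]} -> {p["dst"]} echo reply id={p["echo_id"]} len={p["len"]}')
```
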
