Hi all - back after a short sabbatical, and I've been noticing a few 
of these messages in the logs on a firewall I manage over the past 
few weeks. I had a look through the list archives and on some search 
engines and found a few references to people getting these error 
messages - but they were all in relation to an IP address that was 
unknown to them, and most responses suggested that the problem may 
have to do with script kiddies trying to break in...

I've been getting these messages where xxx.xxx.xxx.xxx is an IP 
address on the subnet protected by the firewall... The machine at the 
IP address referenced is primarily a squid proxy server, as well as 
running netatalk and samba. I'm pretty certain that the server has 
not been compromised, everything looks normal at any rate...

I checked the logs on the server around the times that the error was 
reported and couldn't see any activities reported. Nobody was in the 
office or using the network at the time of the errors. The pattern of 
errors is interesting too, all happening at or around midnight, at 
sort of regular intervals...

Following are all occurrences (SNIP-ped to fit the email) of the error to date:

Jan  9 00:19:07 styxx kernel: IP_MASQ:reverse ICMP: failed checksum from xxx.xxx.xxx.xxx!

Jan  9 00:21:45 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan  9 00:25:33 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:20:47 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:22:32 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:23:54 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:27:12 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:35:02 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:39:00 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:46:18 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:48:33 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 01:59:45 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:06:17 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:12:23 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:13:52 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:16:41 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:19:17 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:23:14 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:26:42 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:29:17 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 10 02:30:53 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 11 00:19:47 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:11:04 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:21:08 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:22:38 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:24:56 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:26:27 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:33:00 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 14 00:02:56 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 14 00:20:33 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 14 00:24:29 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 14 00:34:30 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>

I was wondering if anyone had any more conclusive theories as to what 
this "failed ICMP checksum" entailed and how I might go about 
remedying the problem.

also - why is there an exclamation mark after the error / ip address 
in the log file... or is that just for extra emphasis?

thanks in advance, dan.
-- 

Telezygology / Nitro

3D Visualisation, Graphics & Animation

Ph (+61 2) 9810 5177    Fx (+61 2) 9810 0199    http://www.nitro.com.au/

PGP Public Key: http://www.nitro.com.au/Dan_Horth.pgp.key
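
The timing pattern described in the message above can be measured instead of eyeballed. The following is an added example, not part of the original post: it parses the kernel lines (a subset copied from the message) and reports, per day, the event count, the time window and the gaps between events. The names parse_events, summarize_bursts and ASSUMED_YEAR are hypothetical, and the year is an assumption because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the post above (a subset); the address was already elided there.
SAMPLE_LOG = """\
Jan  9 00:19:07 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan  9 00:21:45 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan  9 00:25:33 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 11 00:19:47 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:11:04 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:21:08 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
Jan 12 00:33:00 styxx kernel: IP_MASQ:reverse ICMP: failed checksum <SNIP>
"""

ASSUMED_YEAR = 2000  # assumption: syslog lines carry no year; used only for arithmetic
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"IP_MASQ:reverse ICMP: failed checksum")

def parse_events(text):
    """Return sorted datetimes of every matching kernel message in text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # unrelated or mail-wrapped lines are skipped, not guessed at
            events.append(datetime.strptime(
                f"{ASSUMED_YEAR} {m['stamp']}", "%Y %b %d %H:%M:%S"))
    return sorted(events)

def summarize_bursts(events):
    """Group events by calendar day; report count, window and gaps in seconds."""
    by_day = defaultdict(list)
    for ts in events:
        by_day[ts.strftime("%b %d")].append(ts)
    summary = {}
    for day, stamps in by_day.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        summary[day] = {
            "count": len(stamps),
            "first": stamps[0].strftime("%H:%M:%S"),
            "last": stamps[-1].strftime("%H:%M:%S"),
            "gaps_s": gaps,
        }
    return summary

if __name__ == "__main__":
    for day, info in summarize_bursts(parse_events(SAMPLE_LOG)).items():
        print(day, info)
```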


