224.0.0.5 is often used by inter router communucations
might be present if you have some OSPF router somewhere
hth
A 08:39 16/02/2001 -0500, vous avez écrit :
>Looks to me like your machine (202.85.188.98) is trying to send a multicast
>packet to the 224 network, but your firewall is preventing it... If you are
>not running something which generates multicst packets, then it's possible
>you've been hacked & the hacker has set up a daemon on your machine...
>
>> -----Original Message-----
>> From: Mark Lo [SMTP:[EMAIL PROTECTED]]
>> Sent: Friday, February 16, 2001 8:26 AM
>> To: [EMAIL PROTECTED]
>> Subject: Am I being hacked ??
>>
>> Hi,
>>
>> Am I being Hacked ?? What is wrong with the following log files.
>>
>> >From my ipchains scripts: I have the following:
>>
>> ipchains -A output -i $external_interface -d $class_d_multicast -j REJECT
>> -l
>>
>> and in the log files: I have the following:
>>
>>
>> Feb 14 15:40:35 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
>> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13)
>>
>> Feb 14 15:40:36 dns1 kernel: Packet log: input REJECT eth0 PROTO=89
>> 202.85.188.99:65535 224.0.0.5:65535 L=64 S=0xC0 I=34913 F=0x0000 T=1 (#13)
>>
>>
>> Feb 14 15:40:37 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
>> 202.85.188.99:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13)
>>
>> Feb 14 15:40:37 dns1 kernel: Packet log: input REJECT eth0 PROTO=89
>> 202.85.188.99:65535 224.0.0.5:65535 L=68 S=0xC0 I=34928 F=0x0000 T=1 (#13)
>>
>>
>> Feb 14 15:40:38 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
>> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13)
>>
>> Feb 14 15:40:38 dns1 kernel: Packet log: input REJECT eth0 PROTO=89
>> 202.85.188.98:65535 224.0.0.5:65535 L=68 S=0xC0 I=18740 F=0x0000 T=1 (#13)
>>
>>
>> Feb 14 15:40:39 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
>> 202.85.188.99:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13)
>>
>> Feb 14 15:40:40 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
>> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13)
>>
>> Feb 14 15:40:42 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
>> 202.85.188.99:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13)
>>
>> Feb 14 15:40:43 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
>> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13)
>> .. .
>> ....
>> . ...
>>
>> _______________________________________________
>> Redhat-list mailing list
>> [EMAIL PROTECTED]
>> https://listman.redhat.com/mailman/listinfo/redhat-list
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
>
>
- * - * - * - * - * - * -
Mes idees n'engagent que moi (vieux proverbe du Net)
Thierry ITTY
eMail: [EMAIL PROTECTED] FRANCE
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
