Hi, I'm seeing the following in my syslog:
Nov 16 12:59:57 camelot kernel: svc: bad direction 367264051, dropping request Nov 16 12:59:57 camelot kernel: svc: short len 4, dropping request Nov 16 12:59:58 camelot kernel: svc: bad direction 367329493, dropping request Nov 16 12:59:58 camelot kernel: svc: bad direction 367395115, dropping request Nov 16 12:59:58 camelot kernel: svc: bad direction 367460481, dropping request Nov 16 12:59:58 camelot kernel: svc: bad direction 367526053, dropping request Nov 16 12:59:58 camelot kernel: svc: bad direction 367591557, dropping request Nov 16 12:59:59 camelot kernel: svc: short len 4, dropping request Nov 16 12:59:59 camelot kernel: svc: bad direction 367657089, dropping request Nov 16 12:59:59 camelot kernel: svc: bad direction 367722725, dropping request As you can see, I'm getting 4 or 5 of these per second. Needless to say, my syslog is filling up. I've determined that the "svc:" is being logged by the the RPC services support withing the kernel. I've determined that these logs are a result of some incoming packets. That is to say if I walk over to the router that routes the packets to the server, and selectively unplug the lan points, the messages will stop when I unplug a certain lanpoint. Unfortunately, that lanpoint is the corporate feed into our router. All the PC's in our department (that connect directly to the router) seem to be quite ok. I am suspecting that the svc error might be a result of some PC with an improper netmask (but I'm only guessing). My question is: is there any way to get the IP # of the offensive packets ? is there any way to monitor the packets on the local lan, and display the IP numbers, and header ? I am presently running Red Hat 7.2, all eratta applied Kernel version: 2.4.9-13 (also happens on 2.4.7-10) Thoughts, hints appreciated. -Greg ---------------------------------- E-Mail: Gregory Hosler <[EMAIL PROTECTED]> Date: 16-Nov-01 Time: 13:24:38 You can release software that's good, software that's inexpensive, or software that's available on time. You can usually release software that has 2 of these 3 attributes -- but not all 3. ---------------------------------- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
