>-------- Оригинално писмо -------- >От: Øyvind Lode [email protected]
>Относно: [Shorewall-users] PROTO=255 What? >До: Shorewall Users <[email protected]> >Изпратено на: Вторник, 2014, Февруари 25 15:36:32 EET > Hi all: > > Sorry for my ignorance but I don't understand these log entries: > > Feb 25 04:18:24 munin Shorewall:net2fw:DROP: IN=eth0 OUT= > MAC=48:5b:39:ac:1b:5e: > 00:12:da:a4:14:bf:08:00 SRC=95.211.197.1 DST=81.166.42.2 LEN=60 TOS=00 > PREC=0x00 > TTL=120 ID=1036 PROTO=255 MARK=0 > Feb 25 04:18:25 munin Shorewall:net2fw:DROP: IN=eth0 OUT= > MAC=48:5b:39:ac:1b:5e: > 00:12:da:a4:14:bf:08:00 SRC=95.211.197.1 DST=81.166.42.2 LEN=60 TOS=00 > PREC=0x00 > TTL=120 ID=1172 PROTO=255 MARK=0 > Feb 25 04:18:25 munin Shorewall:net2fw:DROP: IN=eth0 OUT= > MAC=48:5b:39:ac:1b:5e: > 00:12:da:a4:14:bf:08:00 SRC=95.211.197.1 DST=81.166.42.2 LEN=60 TOS=00 > PREC=0x00 > TTL=120 ID=1628 PROTO=255 MARK=0 > > I have 4080 hits/entries in my fw log identical to the ones above for Feb 25. > All from the same source IP. > > Can anyone explain what this is? > > Thanks > > -Øyvind > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users It is harmless for you (it is dropped ;) ). It looks like someone is using IANA reserved protocol (255) to communicate. "Googling" find that it is used by DDOS agents (http://staff.washington.edu/dittrich/talks/core02/xdcc-analysis.txt) but it could be something else too. If you need more info just dump the traffic and you will be able to see what it is. Hristo IT Professionl ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
