I'm using a variation of Derek's IPTABLES firewall
Here are some very typical entries from the log.
Note the MAC address and SRC= ip address
Oct 31 01:11:35 moshe kernel: DROP INPUT:IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:06:2a:c8:c4:54:08:00 SRC=10.99.64.1
DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=6537 PROTO=UDP
SPT=67 DPT=68 LEN=308
Oct 31 01:12:04 moshe kernel: DROP INPUT:IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:06:2a:c8:c4:54:08:00 SRC=10.99.64.1
DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=255 ID=6556 PROTO=UDP
SPT=67 DPT=68 LEN=320
Should I be reporting this to Earthlink?
Will they look at my traffic closer and see that I'm mascarading a network?
Could it be Earthlink that is testing me every 5 to 20 seconds?
These create massive logs. What is happening?
Larry :-)
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:18:26 EDT