[SLUG] Question 2: Firewall Log

From: Larry Sanders (rhatman@earthlink.net)
Date: Thu Oct 31 2002 - 01:17:11 EST


I'm using a variation of Derek's IPTABLES firewall.
Here are some very typical entries from the log.
Note the MAC address and SRC= IP address.

Oct 31 01:11:35 moshe kernel: DROP INPUT:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:2a:c8:c4:54:08:00 SRC=10.99.64.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=6537 PROTO=UDP SPT=67 DPT=68 LEN=308
Oct 31 01:12:04 moshe kernel: DROP INPUT:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:2a:c8:c4:54:08:00 SRC=10.99.64.1 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=255 ID=6556 PROTO=UDP SPT=67 DPT=68 LEN=320

Should I be reporting this to Earthlink?
Will they look at my traffic closer and see that I'm masquerading a network?
Could it be Earthlink that is testing me every 5 to 20 seconds?
These create massive logs. What is happening?
Larry :-)
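
Added example, not part of the original post: a small Python parser for netfilter LOG entries like the two quoted above, which splits the MAC= field into its Ethernet header parts (destination MAC, source MAC, EtherType) and groups entries by sender so repetitive log noise can be identified. The function names are hypothetical, the sample is the post's two entries with each rejoined onto one line, and the port labels assume the IANA well-known UDP ports 67 (BOOTP/DHCP server) and 68 (BOOTP/DHCP client).

```python
import re
from collections import Counter

# Constructed sample: the two entries from the post, each on a single line.
SAMPLE_LOG = (
    "Oct 31 01:11:35 moshe kernel: DROP INPUT:IN=eth1 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:06:2a:c8:c4:54:08:00 SRC=10.99.64.1 "
    "DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=6537 "
    "PROTO=UDP SPT=67 DPT=68 LEN=308\n"
    "Oct 31 01:12:04 moshe kernel: DROP INPUT:IN=eth1 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:06:2a:c8:c4:54:08:00 SRC=10.99.64.1 "
    "DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=255 ID=6556 "
    "PROTO=UDP SPT=67 DPT=68 LEN=320\n"
)

KEY_VALUE = re.compile(r"(\w+)=(\S*)")  # OUT= may carry an empty value
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def parse_entry(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in KEY_VALUE.findall(line):
        # LEN appears twice: keep the first (IP length), not the UDP length.
        fields.setdefault(key, value)
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # 6 bytes destination + 6 bytes source + 2 bytes EtherType
        fields["MAC_DST"] = ":".join(octets[:6])
        fields["MAC_SRC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "0x" + "".join(octets[12:])
    return fields


def classify(fields):
    """Label an entry by its UDP port pair and link-layer destination."""
    ports = (fields.get("PROTO"), fields.get("SPT"), fields.get("DPT"))
    kind = "DHCP/BOOTP server-to-client" if ports == ("UDP", "67", "68") else "other"
    if fields.get("MAC_DST") == BROADCAST_MAC:
        kind += " (link-layer broadcast)"
    return kind


def summarize(log_text):
    """Count entries per (source MAC, source IP, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "IN=" in line:  # skip anything that is not a netfilter LOG entry
            fields = parse_entry(line)
            counts[(fields.get("MAC_SRC"), fields.get("SRC"), classify(fields))] += 1
    return counts
```
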


