|
-
July 28th, 2002, 11:01 PM
#11
Junior Member
Thanks Ammo,
That link is great. It still is odd to me that it appeared to originate from my router. I have statefull rules in place and the packet originated from 67.xx.... Its confusing to me why that would log to my OUTPUT chain. Its like the box disregarded its connection and just decided to send the packet to the 67.xx address.
-
July 28th, 2002, 11:06 PM
#12
???
The ICMP packet DID originate from your router. Re-read my last post. The icmp packet is an error message sent to 67.blah saying that the previous UDP datagram it sent isn't allowed through...
Ammo
Credit travels up, blame travels down -- The Boss
-
July 29th, 2002, 06:54 AM
#13
During a review of the hospital facilities, the Director and Doctor walking down the ward notice a man jerking off. The Director asks the Doctor, you wanna explain that.... The Doctor then explains that the patient has a rare disease where sperm fills in his testicals and that he needs to ejaculate once an hour to releave the pressure or he can die. Well, the Director says, that sounds logical. As the Director and Doctor continue down the ward, they happen by a nurse giving a patient head.... The Director turns to the Doctor, "How you gonna explain that", the Doctor calmly turns to the Director and says."Same disease, better health care plan".
Just Some Humor For Your Day. Smile =)~
-
July 29th, 2002, 12:22 PM
#14
Junior Member
Perhaps originate was the wrong choice of words. I understand that the packet was sent from my router. Given the nature of statefull rules though, my router did not initiate communction therefore it should not have logged in my OUPUT chain. The 67.XX IP make initial communication. This is why I said... "Its like the box disregarded its connection and just decided to send the packet to the 67.xx address." Iptables might need to be tweeked to handle timeouts with regards to STATE and ESTABLISHED. All of the ports in question have been filtered to the WAN with DROP, not REJECT. It should not have sent back an ICMP type 3.
-
July 30th, 2002, 08:58 PM
#15
put if you ping something that message goes to your router and then it goes out. so someone inside pings and that ping goes out from the router. if whats trying to get pinged isnt there then you will get the ICMP=3. does that make any sense?
if you are 100% pos that the router didnt init that sequence then i agree, it COULD be a spoof.
-
August 1st, 2002, 04:49 AM
#16
Junior Member
The OUT chain only pertains to processes running on the box, ie a logged in user, an automated task via cron, etc. There are technically packets going OUT of the box all day long. Its got to start from the box to be really be considered OUT. I still havent upgraded to the latest version to see if it corrects itself. And no, that didnt make any sense. ;-)
addon: I swear AO adds grammatical errors when the replys upload. They sneak extra words into your sentences. I just know they do.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
