Hello,

I have a Red Hat box protecting my network and I log my iptables rules. In particular, I log outbound traffic. I see some entries that would appear to be spoofs, but I am uncertain of this. I have not been able to find much documentation on the logging process, so if anyone could take a look at the entry below and confirm this, I would greatly appreciate it.


Jul 26 03:57:45 XXXX: security_checkIN= OUT=eth0
SRC=192.168.XX.XX DST=67.XXX.102.167 LEN=106 TOS=0x00 PREC=0xC0 TTL=255
ID=63974 PROTO=ICMP TYPE=3 CODE=1 [SRC=67.XXX.102.167 DST=192.168.XX.XX
LEN=78 TOS=0x00 PREC=0x00 TTL=118 ID=40343 PROTO=UDP SPT=137 DPT=137 LEN=58 ]

I added the X's in place of some IPs, and the "security_check" is for grep.

What I mostly do not understand is the info between the brackets. The rest of my logs do not have brackets.

Thanks
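As an added example (not part of the original post), here is a small Python parser for iptables LOG lines that separates the outer packet fields from the bracketed section; the kernel's LOG target prints, in brackets, the header of the original packet that an ICMP error message (here type 3 code 1, destination host unreachable) is replying to. The sample input is the log entry from the post above joined onto one line, and the short ICMP type/code table is my own excerpt.

```python
import re

# The entry from the post above, joined into a single line (the X's are the
# poster's masking of addresses and are kept as-is).
LOG_LINE = (
    "Jul 26 03:57:45 XXXX: security_checkIN= OUT=eth0 "
    "SRC=192.168.XX.XX DST=67.XXX.102.167 LEN=106 TOS=0x00 PREC=0xC0 TTL=255 "
    "ID=63974 PROTO=ICMP TYPE=3 CODE=1 [SRC=67.XXX.102.167 DST=192.168.XX.XX "
    "LEN=78 TOS=0x00 PREC=0x00 TTL=118 ID=40343 PROTO=UDP SPT=137 DPT=137 LEN=58 ]"
)

# A few ICMP error type/code pairs; the LOG target echoes the offending
# packet's header in [brackets] for these (excerpt, not a complete table).
ICMP_ERRORS = {(3, 0): "net unreachable", (3, 1): "host unreachable",
               (3, 3): "port unreachable", (11, 0): "TTL exceeded in transit"}

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_fields(text):
    """Turn 'KEY=value KEY=value ...' into a dict (IN= yields an empty value)."""
    return dict(FIELD_RE.findall(text))

def parse_iptables_log(line):
    """Split a LOG line into the outer packet and, for ICMP errors, the
    header of the original packet that the kernel prints in [brackets]."""
    outer_text, inner_text = line, None
    m = re.search(r"\[(.*)\]", line)
    if m:
        inner_text = m.group(1)
        outer_text = line[:m.start()]
    entry = {"outer": parse_fields(outer_text), "inner": None}
    if inner_text is not None:
        entry["inner"] = parse_fields(inner_text)
    return entry

def explain(entry):
    """Describe what the log line records, in plain words."""
    o, i = entry["outer"], entry["inner"]
    if o.get("PROTO") != "ICMP" or i is None:
        return "ordinary %s packet %s -> %s" % (o.get("PROTO"), o.get("SRC"), o.get("DST"))
    kind = ICMP_ERRORS.get((int(o["TYPE"]), int(o["CODE"])), "ICMP error")
    return ("ICMP %s sent by %s to %s in reply to a %s packet %s:%s -> %s:%s"
            % (kind, o["SRC"], o["DST"], i["PROTO"], i["SRC"], i.get("SPT"),
               i["DST"], i.get("DPT")))

if __name__ == "__main__":
    print(explain(parse_iptables_log(LOG_LINE)))
```

Run on the entry above, the parser shows the bracketed fields as the inbound UDP/137 packet the outbound ICMP error answers, so the inner SRC matches the outer DST rather than indicating a spoofed source.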