[lug] ipchains result, help.

Kevin Fenzi kevin at scrye.com
Fri Jun 30 10:14:33 MDT 2000


>>>>> "Anders" == Anders Knudsen <aknudsen.96 at alum.mines.edu> writes:

Anders> Am still green with regard to interpreting the log generated
Anders> by ipchains, so I was hoping someone here could give me a
Anders> quick tutorial on how to read this result which was spewed
Anders> forth by my current firewall. i.e., what do the various
Anders> columns indicate?  (I am striving to be as hack proof as
Anders> possible... ;-) mucho TIA, -anders.

sure... ;) 

Anders> Jun 29 08:14:42 fulcrum kernel: Packet log: input DENY ppp0
Anders> PROTO=17 207.225.105.156:3008 207.225.105.90:5632 L=30 S=0x00
Anders> I=47543 F=0x0000 T=127 (#36)

This is a packet in the "input" chain (i.e., it was coming in).
It was sent to the "DENY" target (i.e., it was denied and dropped).
The interface was ppp0.
The protocol of the packet was 17 (look in /etc/protocols, it's UDP).
The source IP and port were "207.225.105.156:3008" (this is where it came from).
The destination IP and port were "207.225.105.90:5632".
The length was 30. 
The Type of Service field was 0x00
The IP id was 47543
The fragment mask was 0x0000
The time to live on the packet was 127

and it was sent to the DENY target from rule #36 in your chain. 

Anders> Jun 29 12:02:57 fulcrum kernel: Packet log: input DENY ppp0
Anders> PROTO=6 207.225.105.21:2650 207.225.105.90:135 L=48 S=0x00
Anders> I=40551 F=0x4000 T=124 SYN (#34)

same thing goes here. ;) 

kevin
-- 
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/  KRUD - Kevin's Red Hat Uber Distribution
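
The field-by-field reading in the reply above, written out as a small Python parser. This is an added example, not part of the original post: the function names and the short protocol table are assumptions, the first two sample lines are the ones quoted in the thread (rejoined onto one line each), and the third is constructed.

```python
import re
from collections import Counter

# Subset of /etc/protocols, enough for the lines quoted in this thread.
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

def parse_line(line):
    """Return the decoded fields as a dict, or None for non-ipchains lines."""
    m = LINE_RE.search(" ".join(line.split()))  # tolerate wrapped whitespace
    if m is None:
        return None
    f = m.groupdict()
    proto, frag = int(f["proto"]), int(f["frag"], 16)
    return {
        "chain": f["chain"], "target": f["target"], "iface": f["iface"],
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "src": f["src"], "sport": int(f["sport"]),
        "dst": f["dst"], "dport": int(f["dport"]),
        "length": int(f["length"]), "tos": int(f["tos"], 16),
        "ip_id": int(f["ip_id"]), "frag": frag,
        # Not stated in the thread: bit 0x4000 of F is the IP Don't Fragment flag.
        "dont_fragment": bool(frag & 0x4000),
        "ttl": int(f["ttl"]), "syn": f["syn"] is not None,
        "rule": int(f["rule"]),
    }

def denied_by_service(lines):
    """Count DENY hits per (protocol, destination port) to see what is being probed."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["target"] == "DENY":
            hits[(rec["proto"], rec["dport"])] += 1
    return hits

SAMPLE = [
    "Jun 29 08:14:42 fulcrum kernel: Packet log: input DENY ppp0 PROTO=17 207.225.105.156:3008 207.225.105.90:5632 L=30 S=0x00 I=47543 F=0x0000 T=127 (#36)",
    "Jun 29 12:02:57 fulcrum kernel: Packet log: input DENY ppp0 PROTO=6 207.225.105.21:2650 207.225.105.90:135 L=48 S=0x00 I=40551 F=0x4000 T=124 SYN (#34)",
    "Jun 29 12:03:01 fulcrum kernel: unrelated message",  # constructed non-matching line
]
```
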



