[lug] RFI packet log deny message
B O'Fallon
bof at pcisys.net
Tue Oct 23 22:22:54 MDT 2001
Hello,
I was looking at my root mail tonight and noticed the following:
Oct 23 21:56:11 mudhen kernel: Packet log: input DENY eth0
PROTO=6
152.2.210.121:20 10.0.0.3:32897 L=60 S=0x00 I=21355 F=0x4000
T=51 SYN
(#59)
Oct 23 21:56:20 mudhen kernel: Packet log: input DENY eth0
PROTO=6
152.2.210.121:20 10.0.0.3:32897 L=60 S=0x00 I=41627 F=0x4000
T=51 SYN
(#59)
Oct 23 21:56:32 mudhen kernel: Packet log: input DENY eth0
PROTO=6
152.2.210.121:20 10.0.0.3:32897 L=60 S=0x00 I=3142 F=0x4000
T=51 SYN
(#59)
nslookup revealed that 152.2.210.121 is latinhouse.metalab.unc.edu. I
wasn't doing anything with them that I know of.
10.0.0.3 is address assigned to my ethernet card by the NAT feature of
my Cisco 675.
Could someone explain what this is? Is someone at unc probing the ftp
port of the ipaddress for my cisco and it is getting passed through to
the firewall I am running on 10.0.0.3?
Thanx.
BOF
More information about the LUG
mailing list