[lug] anomaly in ipchains log
Hugh Brown
hugh at vecna.com
Fri Feb 8 23:23:40 MST 2002
I have two machine that are sitting connected to the same hub.
one is at 192.168.0.1 the other at 192.168.0.5
on host1 in /var/log/messages I am seeing things like this
Feb 8 01:07:45 frodo kernel: Packet log: input DENY eth0 PROTO=6
192.168.0.5:22 <live-ip>:33386 L=60 S=0x00 I=0 F=0x4000 T=64 (#40)
To me that says that host1 (aka frodo) received a packet destined for
host5 from an IP address on the Internet.
I was ssh'ing into host5, I am just baffled as to why host1 would have
done anything with it besides ignore it. The interface on host1 is not
in promiscuous mode.
Any ideas?
Hugh
More information about the LUG
mailing list