[lug] anomaly in ipchains log

Chip Atkinson chip at rmpg.org
Sat Feb 9 12:23:25 MST 2002


It sounds like host2 is sending stuff through host1. Did you check the
routing tables on host2? What happens if you traceroute from host2 to
someone like yahoo.com?

Chip

On 9 Feb 2002, Hugh Brown wrote:

> I have two machines that are sitting connected to the same hub.
>
> One is at 192.168.0.1, the other at 192.168.0.5.
>
> On host1 in /var/log/messages I am seeing things like this:
>
>
>
> Feb  8 01:07:45 frodo kernel: Packet log: input DENY eth0 PROTO=6
> 192.168.0.5:22 <live-ip>:33386 L=60 S=0x00 I=0 F=0x4000 T=64 (#40)
>
> To me that says that host1 (aka frodo) received a packet destined for
> host5 from an IP address on the Internet.
>
> I was ssh'ing into host5, I am just baffled as to why host1 would have
> done anything with it besides ignore it.  The interface on host1 is not
> in promiscuous mode.
>
> Any ideas?
>
> Hugh
>
>
>
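
Added example, not part of the original thread: a Python decoder for the ipchains packet-log line quoted above, assuming the field order documented in the IPCHAINS-HOWTO (chain, action, interface, protocol, source address:port, destination address:port, then L/S/I/F/T and the rule number). The names `LOG_RE`, `PROTOS`, `SAMPLE` and `parse_ipchains` are illustrative, and the sample line is the one from the post with its `<live-ip>` placeholder kept.

```python
import re

# Field order assumed from the IPCHAINS-HOWTO:
# Packet log: CHAIN ACTION IFACE PROTO=n SRC:SPORT DST:DPORT L= S= I= F= T= (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[^\s:]+):(?P<sport>\d+) (?P<dst>[^\s:]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<extra>.*?)\(#(?P<rule>\d+)\)"  # anything between T= and the rule number
)

PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

# The log line from the post, re-joined onto one line; <live-ip> is the
# poster's own placeholder for the redacted Internet address.
SAMPLE = ("Feb  8 01:07:45 frodo kernel: Packet log: input DENY eth0 PROTO=6 "
          "192.168.0.5:22 <live-ip>:33386 L=60 S=0x00 I=0 F=0x4000 T=64 (#40)")


def parse_ipchains(line):
    """Return the decoded fields of one ipchains log line, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    frag = int(m["frag"], 16)  # IP flags (top 3 bits) + fragment offset (13 bits)
    return {
        "chain": m["chain"], "action": m["action"], "iface": m["iface"],
        "proto": PROTOS.get(int(m["proto"]), m["proto"]),
        "src": m["src"], "sport": int(m["sport"]),   # first pair is the source
        "dst": m["dst"], "dport": int(m["dport"]),   # second pair is the destination
        "length": int(m["length"]), "ttl": int(m["ttl"]),
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8,          # offset is in 8-byte units
        "rule": int(m["rule"]),
    }


if __name__ == "__main__":
    for key, value in parse_ipchains(SAMPLE).items():
        print(f"{key:15} {value}")
```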



