[lug] anomaly in ipchains log
Hugh Brown
hugh at vecna.com
Sat Feb 9 13:26:04 MST 2002
That was it. I had set up the gateway from memory, unfortunately I set
the gateway as the network address so it was essentially broadcasting
all of its packets to everyone on the hub. Oops. Thanks for the help.
Hugh
On Sat, 2002-02-09 at 14:23, Chip Atkinson wrote:
> It sounds like host2 sending stuff through host 1. Did you check the
> routing tables on host2? What happens if you traceroute from host2 to
> someone like yahoo.com?
>
> Chip
>
> On 9 Feb 2002, Hugh Brown wrote:
>
> > I have two machine that are sitting connected to the same hub.
> >
> > one is at 192.168.0.1 the other at 192.168.0.5
> >
> > on host1 in /var/log/messages I am seeing things like this
> >
> >
> >
> > Feb 8 01:07:45 frodo kernel: Packet log: input DENY eth0 PROTO=6
> > 192.168.0.5:22 <live-ip>:33386 L=60 S=0x00 I=0 F=0x4000 T=64 (#40)
> >
> > To me that says that host1 (aka frodo) received a packet destined for
> > host5 from an IP address on the Internet.
> >
> > I was ssh'ing into host5, I am just baffled as to why host1 would have
> > done anything with it besides ignore it. The interface on host1 is not
> > in promiscuous mode.
> >
> > Any ideas?
> >
> > Hugh
> >
> >
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
--
------------------------------------
System Administrator/Unix Consultant
hugh at vecna.com
Vecna Technologies, Inc
6525 Belcrest Rd, Suite 612
Hyattsville MD, 20782
301.864.7253
http://www.vecna.com
------------------------------------
Linux Professional Institute Certified - Level 1
Sair Linux and GNU Certified Administrator
AIX Certified Specialist - System Support
------------------------------------
More information about the LUG
mailing list