Re: outgoing 10.x.x.x packets being logged

From: H. S. (g_reate_xcalibur_at_yahoo.com)
Date: 05/18/04


Date: Tue, 18 May 2004 19:45:30 GMT

H. S. wrote:
>
> I am running Debian Sarge as a router. The box has eth0 connected to an
> ADSL modem, and eth1 connected to a switch to which my home computers
> are connected.
>
> My internal home network is 192.168.x.x.
>
> Network cards config is:
>
> auto eth0
> iface eth0 inet static
> address 10.0.0.1
> netmask 255.0.0.0
> network 10.0.0.0
> broadcast 10.0.0.255
> #used 10.x.x.x just to have eth0 on different network than eth1
>
>
> auto eth1
> iface eth1 inet static
> address 192.168.0.2
> netmask 255.255.255.0
> network 192.168.0.0
> broadcast 192.168.0.255
>
>
> I have a firewall setup. Among other things, it stops all packets
> addressed to 192.168.x.x going to ppp0, my ADSL modem. Now, in the
> /var/log/syslog file, I see the lines given below. If somebody could
> explain what is going on, it would be great. It seems that packets
> addressed to 10.x.x.x destined towards eth0 are being logged. But where
> are these packets coming from? How do I find out what application is
> trying to send these packets?
>
> Thanks,
> ->HS
> PS: I am no expert in TCP/IP, though I have an overall understanding
> what each line of my firewall does.
>
> LOG lines:
>
> May 17 07:15:36 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58271 DF PROTO=TCP
> SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 07:15:39 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.0.0.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58272 DF PROTO=TCP
> SPT=48000 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 07:17:01 localhost /USR/SBIN/CRON[4798]: (root) CMD ( run-parts
> --report /etc/cron.hourly)
> May 17 07:30:36 localhost kernel: PingOfDeath: IN=ppp0 OUT= MAC=
> SRC=218.18.38.233 DST=65.92.22.19 LEN=60 TOS=0x00 PREC=0x00 TTL=31
> ID=27559 DF PROTO=TCP SPT=46311 DPT=49318 WINDOW=5808 RES=0x00 RST SYN
> URGP=0
> May 17 07:36:47 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1662 DF PROTO=TCP
> SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 07:36:50 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.174.139.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1663 DF PROTO=TCP
> SPT=49878 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 07:54:34 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.135.187.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30331 DF PROTO=TCP
> SPT=51463 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 07:54:37 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.135.187.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30332 DF PROTO=TCP
> SPT=51463 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 08:01:49 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.10.5.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35286 DF PROTO=TCP
> SPT=52094 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 08:01:52 localhost kernel: IN= OUT=eth0 SRC=10.0.0.1
> DST=10.10.5.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35287 DF PROTO=TCP
> SPT=52094 DPT=2500 WINDOW=5840 RES=0x00 SYN URGP=0
>
>

I guess comp.os.linux.security is not a high frequency newsgroup,
perhaps comp.os.linux.networking will be helpful. Hence this post to
networking.

Followups are all set to networking.

->HS

-- 
(Remove all underscores, if any, from my email address to get the correct
one. Apologies for the inconvenience but this is to reduce spam.)
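
One way to triage LOG entries like those quoted in the post, as an added example that is not part of the original message: it parses the netfilter KEY=value fields, keeps the packets with an empty IN= (generated by the router itself rather than forwarded), and groups them by outgoing interface and destination port. The sample lines are constructed from the post's entries, rejoined onto single lines; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: entries in the post's LOG format, each rejoined onto one line.
_OUT = ("May 17 {t} localhost kernel: IN= OUT=eth0 SRC=10.0.0.1 DST={d} LEN=60 "
        "TOS=0x00 PREC=0x00 TTL=64 ID={i} DF PROTO=TCP SPT={s} DPT=2500 "
        "WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE = [
    _OUT.format(t="07:15:36", d="10.0.0.104", i=58271, s=48000),
    _OUT.format(t="07:15:39", d="10.0.0.104", i=58272, s=48000),
    "May 17 07:17:01 localhost /USR/SBIN/CRON[4798]: (root) CMD ( run-parts --report /etc/cron.hourly)",
    "May 17 07:30:36 localhost kernel: PingOfDeath: IN=ppp0 OUT= MAC= SRC=218.18.38.233 "
    "DST=65.92.22.19 LEN=60 TOS=0x00 PREC=0x00 TTL=31 ID=27559 DF PROTO=TCP SPT=46311 "
    "DPT=49318 WINDOW=5808 RES=0x00 RST SYN URGP=0",
    _OUT.format(t="07:36:47", d="10.174.139.4", i=1662, s=49878),
    _OUT.format(t="07:36:50", d="10.174.139.4", i=1663, s=49878),
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of a netfilter LOG line, or None for other syslog lines."""
    if "kernel:" not in line or "IN=" not in line:
        return None
    return dict(FIELD.findall(line))

def origin(pkt):
    """Classify by interface fields: an empty IN= means the box itself generated the packet."""
    if pkt["IN"] == "" and pkt["OUT"]:
        return "local"
    if pkt["IN"] and pkt["OUT"] == "":
        return "inbound"
    return "forwarded"

def summarize(lines):
    """Group locally generated packets by (OUT, PROTO, DPT); a repeated 4-tuple is a retry."""
    groups = defaultdict(lambda: {"dsts": set(), "flows": set(), "packets": 0})
    for pkt in filter(None, map(parse_line, lines)):
        if origin(pkt) != "local":
            continue
        g = groups[(pkt["OUT"], pkt["PROTO"], pkt["DPT"])]
        g["dsts"].add(pkt["DST"])
        g["flows"].add((pkt["SRC"], pkt["SPT"], pkt["DST"], pkt["DPT"]))
        g["packets"] += 1
    return {k: {"dsts": sorted(v["dsts"]), "retries": v["packets"] - len(v["flows"])}
            for k, v in groups.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If the LOG rule is given iptables' `--log-uid` option, locally generated packets also carry a UID= field, which `parse_line` returns like any other key.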

