[techtalk] Odd firewall outputs
jenn at simegen.com
Sun Mar 25 09:52:07 EST 2001
Kath wrote:
> I have a Debian 2.2 firewall doing ipmasquerade running the kernel that
> came with it (2.2.18 IIRC).
>
> This machine also serves as a web, email and DNS server.
>
> I woke up this morning and saw the following on the monitor:
>
> IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202
> IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202

The ICMP refers to the Internet Control Message Protocol - pings
and the like. Examples are source-quench (you shut up, I'm BUSY!),
host or network unreachable packets, redirect (I'm not the droid
you're looking for).

The reverse ICMP is a response for some ICMP packet, like a ping
response. The failed checksum implies either that the packet was
mangled or that it didn't REALLY come from that IP address.

I don't know how significant it is. If it was only two of them,
I'd be inclined to shrug it off as a couple of mangled packets.
OTOH, depending on your paranoia level, you might want to do a
quick self-check for your machines. (IE: has anyone tried to come
in? Is everything working fine?)

Jenn V.
--
"Do you ever wonder if there's a whole section of geek culture
you miss out on by being a geek?" - Dancer.
jenn at simegen.com Jenn Vesperman http://www.simegen.com/~jenn/
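
What a "failed checksum" on an ICMP message means in practice, as an added example (not part of the original post and not the kernel's own code): the receiver recomputes the RFC 1071 Internet checksum over the ICMP header and payload, and a non-zero result means the message was altered or damaged after the sender filled the field in. The function names and the sample echo reply are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words. */
static uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (len & 1)                      /* odd length: pad the last byte with zero */
        sum += (uint32_t)(buf[len - 1] << 8);
    while (sum >> 16)                 /* fold carries back into the low 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Sender side: zero bytes 2-3 of the ICMP message, then store the checksum there. */
static void icmp_fill_checksum(uint8_t *msg, size_t len)
{
    uint16_t c;
    msg[2] = msg[3] = 0;
    c = inet_checksum(msg, len);
    msg[2] = (uint8_t)(c >> 8);
    msg[3] = (uint8_t)(c & 0xff);
}

/* Receiver side: checksumming the whole message, field included, must give 0. */
static int icmp_checksum_ok(const uint8_t *msg, size_t len)
{
    return len >= 8 && inet_checksum(msg, len) == 0;
}

/* Constructed sample: echo reply (type 0, code 0), id 0x1234, seq 1, payload "ping!". */
static uint8_t sample_reply[13] = { 0, 0, 0, 0, 0x12, 0x34, 0, 1, 'p', 'i', 'n', 'g', '!' };

/* Returns 1 if the intact reply verifies and a copy with one flipped bit does not. */
static int demo(void)
{
    int good, bad;
    icmp_fill_checksum(sample_reply, sizeof sample_reply);
    good = icmp_checksum_ok(sample_reply, sizeof sample_reply);
    sample_reply[9] ^= 0x01;          /* damage one payload bit in transit */
    bad = icmp_checksum_ok(sample_reply, sizeof sample_reply);
    sample_reply[9] ^= 0x01;          /* restore the original byte */
    return good && !bad;
}

int main(void) { return demo() ? 0 : 1; }
```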