[techtalk] Odd firewall outputs

jenn at simegen.com jenn at simegen.com
Sun Mar 25 09:52:07 EST 2001


Kath wrote:

> I have a Debian 2.2 firewall doing ipmasquerade running the kernel that 
> came with it (2.2.18 IIRC). 
> 
>  
> 
> This machine also serves as a web, email and DNS server.
> 
>  
> 
> I woke up this morning and saw the following on the monitor:
> 
>  
> 
> IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202
> 
> IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202


The ICMP refers to the Internet Control Message Protocol - pings
and the like. Examples are source-quench (you shut up, I'm BUSY!),
host or network unreachable packets, redirect (I'm not the droid
you're looking for).

The reverse ICMP is a response for some ICMP packet, like a ping
response. The failed checksum implies either that the packet was
mangled or that it didn't REALLY come from that IP address.

I don't know how significant it is. If it was only two of them,
I'd be inclined to shrug it off as a couple of mangled packets.
OTOH, depending on your paranoia level, you might want to do a
quick self-check for your machines. (IE: has anyone tried to come
in? Is everything working fine?)




Jenn V.
-- 
     "Do you ever wonder if there's a whole section of geek culture
             you miss out on by being a geek?" - Dancer.

jenn at simegen.com     Jenn Vesperman     http://www.simegen.com/~jenn/





More information about the Techtalk mailing list