[techtalk] Odd firewall outputs

Kath ranger at optonline.net
Sat Mar 24 20:04:14 EST 2001 

It was actually four times in sequence.  Checking to see if there is any new
user accounts on the system.

Did anyone on the list do it?

I did give out my domain name which corresponds to this box.  If you did,
just say so, I won't be mad or anything.  I would just like to know what the
hell that was :)

- Kath

----- Original Message -----
From: <jenn at simegen.com>
To: <techtalk at linuxchix.org>
Sent: Saturday, March 24, 2001 6:52 PM
Subject: Re: [techtalk] Odd firewall outputs


> Kath wrote:
>
> > I have a Debian 2.2 firewall doing ipmasquerade running the kernel that
> > came with it (2.2.18 IIRC).
> >
> >
> >
> > This machine also serves as a web, email and DNS server.
> >
> >
> >
> > I woke up this morning and saw the following on the monitor:
> >
> >
> >
> > IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202
> >
> > IP_MASQ:reverse ICMP: failed checksum from 24.112.23.202
>
>
> The ICMP refers to the Internet Control Message Protocol - pings
> and the like. Examples are source-quench (you shut up, I'm BUSY!),
> host or network unreachable packets, redirect (I'm not the droid
> you're looking for).
>
> The reverse ICMP is a response for some ICMP packet, like a ping
> response. The failed checksum implies either that the packet was
> mangled or that it didn't REALLY come from that IP address.
>
> I don't know how significant it is. If it was only two of them,
> I'd be inclined to shrug it off as a couple of mangled packets.
> OTOH, depending on your paranoia level, you might want to do a
> quick self-check for your machines. (IE: has anyone tried to come
> in? Is everything working fine?)
>
>
>
>
> Jenn V.
> --
>      "Do you ever wonder if there's a whole section of geek culture
>              you miss out on by being a geek?" - Dancer.
>
> jenn at simegen.com     Jenn Vesperman     http://www.simegen.com/~jenn/
>
>
> _______________________________________________
> techtalk mailing list
> techtalk at linuxchix.org
> http://www.linux.org.uk/mailman/listinfo/techtalk
>

More information about the Techtalk mailing list