Sep 11 23:19:45 gateway kernel: Shorewall:net2all:DROP:IN=eth0 OUTMAC=00:01:02:87:6f:4b:00:d0:95:7a:d5:f1:08:00 SRC=218.188.94.91 DST=210.187.146.51 LEN=92 TOS=0x00 PREC=0x00 TTL=115 ID=35380 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=26807 Hi! above log is keep appear in my server. What does it means ? How can I stop it ? Best regards, Support
Am Don, 2003-09-11 um 09.22 schrieb Support:> Sep 11 23:19:45 gateway kernel: Shorewall:net2all:DROP:IN=eth0 OUT> MAC=00:01:02:87:6f:4b:00:d0:95:7a:d5:f1:08:00 SRC=218.188.94.91 > DST=210.187.146.51 LEN=92 TOS=0x00 PREC=0x00 TTL=115 ID=35380 PROTO=ICMP > TYPE=8 CODE=0 ID=512 SEQ=26807> Hi! above log is keep appear in my server. What does it means ? > How can I stop it ?That''s a PING (ICMP, Type 8) from your eth0 (with a specific MAC address and IP 218.188.94.91) to 210.187.146.51, which is th-146-51.tm.net.my. You may stop this be shutting down the process that pings. hth, Robert Kehl
Support wrote:> > Sep 11 23:19:45 gateway kernel: Shorewall:net2all:DROP:IN=eth0 OUT> MAC=00:01:02:87:6f:4b:00:d0:95:7a:d5:f1:08:00 SRC=218.188.94.91 > DST=210.187.146.51 LEN=92 TOS=0x00 PREC=0x00 TTL=115 ID=35380 PROTO=ICMP > TYPE=8 CODE=0 ID=512 SEQ=26807 > > Hi! above log is keep appear in my server. What does it means ? > How can I stop it ? > > Best regards, > SupportThey are usually pings generated from worm infected machines, you will notice the part with LEN=92. I have the same problem, if you let them through the next stop will be a DENY message for port 445. I usually get these from my "neighbors" on our cable service. DROP net fw icmp 8 in your Rules list should do the trick. http://www.shorewall.net/ping.html -- Patrick Benson Stockholm, Sweden
Hi! Patrick Thank for your info . It help me a lot ... Best regards, SKLIM ----- Original Message ----- From: "Patrick Benson" <benson@chello.se> To: <shorewall-users@lists.shorewall.net> Sent: Thursday, September 11, 2003 7:58 PM Subject: Re: [Shorewall-users] Log> Support wrote: > > > > Sep 11 23:19:45 gateway kernel: Shorewall:net2all:DROP:IN=eth0 OUT> > MAC=00:01:02:87:6f:4b:00:d0:95:7a:d5:f1:08:00 SRC=218.188.94.91 > > DST=210.187.146.51 LEN=92 TOS=0x00 PREC=0x00 TTL=115 ID=35380 PROTO=ICMP > > TYPE=8 CODE=0 ID=512 SEQ=26807 > > > > Hi! above log is keep appear in my server. What does it means ? > > How can I stop it ? > > > > Best regards, > > Support > > They are usually pings generated from worm infected machines, you will > notice the part with LEN=92. I have the same problem, if you let them > through the next stop will be a DENY message for port 445. I usually get > these from my "neighbors" on our cable service. > > DROP net fw icmp 8 > > in your Rules list should do the trick. > > http://www.shorewall.net/ping.html > > > -- > Patrick Benson > Stockholm, Sweden > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe:http://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >