I got 5 hours of this yesterday: Jul 2 01:12:09 wvsvr01 kernel: Shorewall:net2all:DROP:IN=ppp0 OUTMAC= SRC=203.39.66.210 DST=x.x.x.x LEN=136 TOS=0x00 PREC=0x00 TTL=55 ID=54590 PROTO=ESP SPI=0x66c78e16 Anyone heard of ESP as a protocol? It''s not in /etc/protocols. Paul http://paulgear.webhop.net
VPN traffic --------------------------------------------- I couldn''t possibly fail to disagree with you less -----Original Message----- From: Paul Gear [mailto:paul@gear.dyndns.org] Sent: Monday, July 01, 2002 1:12 PM To: Shorewall Users Subject: [Shorewall-users] Unknown protocol I got 5 hours of this yesterday: Jul 2 01:12:09 wvsvr01 kernel: Shorewall:net2all:DROP:IN=ppp0 OUTMAC= SRC=203.39.66.210 DST=x.x.x.x LEN=136 TOS=0x00 PREC=0x00 TTL=55 ID=54590 PROTO=ESP SPI=0x66c78e16 Anyone heard of ESP as a protocol? It''s not in /etc/protocols. Paul http://paulgear.webhop.net _______________________________________________ Shorewall-users mailing list Shorewall-users@shorewall.net http://www.shorewall.net/mailman/listinfo/shorewall-users
Paul, In /etc/protocol on a recent Debian machine it says: esp 50 ESP # Encap Security Payload for IPv6 On Tue, 2 Jul 2002, Paul Gear wrote:> I got 5 hours of this yesterday: > > Jul 2 01:12:09 wvsvr01 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT> MAC= SRC=203.39.66.210 DST=x.x.x.x LEN=136 TOS=0x00 PREC=0x00 TTL=55 > ID=54590 PROTO=ESP SPI=0x66c78e16 > > Anyone heard of ESP as a protocol? It''s not in /etc/protocols. > > Paul > http://paulgear.webhop.net > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users >-- Sincerely, David Smead http://www.amplepower.com
> -----Original Message----- > From: David Smead [mailto:smead@amplepower.com] > Sent: Monday, July 01, 2002 3:45 PM > To: Paul Gear > Cc: Shorewall Users > Subject: Re: [Shorewall-users] Unknown protocol > > > Paul, > > In /etc/protocol on a recent Debian machine it says: > > esp 50 ESP # Encap Security Payload for IPv6 > > > On Tue, 2 Jul 2002, Paul Gear wrote: > > > I got 5 hours of this yesterday: > > > > Jul 2 01:12:09 wvsvr01 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT> > MAC= SRC=203.39.66.210 DST=x.x.x.x LEN=136 TOS=0x00 PREC=0x00 TTL=55 > > ID=54590 PROTO=ESP SPI=0x66c78e16 > > > > Anyone heard of ESP as a protocol? It''s not in /etc/protocols. > > > > Paul > > http://paulgear.webhop.netAre you by chance using IPSEC configured for ESP??? Steve Cowles
No. On Mon, 1 Jul 2002, Cowles, Steve wrote:> > -----Original Message----- > > From: David Smead [mailto:smead@amplepower.com] > > Sent: Monday, July 01, 2002 3:45 PM > > To: Paul Gear > > Cc: Shorewall Users > > Subject: Re: [Shorewall-users] Unknown protocol > > > > > > Paul, > > > > In /etc/protocol on a recent Debian machine it says: > > > > esp 50 ESP # Encap Security Payload for IPv6 > > > > > > On Tue, 2 Jul 2002, Paul Gear wrote: > > > > > I got 5 hours of this yesterday: > > > > > > Jul 2 01:12:09 wvsvr01 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT> > > MAC= SRC=203.39.66.210 DST=x.x.x.x LEN=136 TOS=0x00 PREC=0x00 TTL=55 > > > ID=54590 PROTO=ESP SPI=0x66c78e16 > > > > > > Anyone heard of ESP as a protocol? It''s not in /etc/protocols. > > > > > > Paul > > > http://paulgear.webhop.net > > Are you by chance using IPSEC configured for ESP??? > > Steve Cowles > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users >-- Sincerely, David Smead http://www.amplepower.com
On Tue, 2 Jul 2002, David Smead wrote:> No. > > > > > Jul 2 01:12:09 wvsvr01 kernel: Shorewall:net2all:DROP:IN=ppp0 OUT> > > > MAC= SRC=203.39.66.210 DST=x.x.x.x LEN=136 TOS=0x00 PREC=0x00 TTL=55 > > > > ID=54590 PROTO=ESP SPI=0x66c78e16Well, 203.39.66.210 is sending you IPSEC VPN frames. And you must be very patient -- I would have blacklisted that IP after the first 5 minutes... -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net