Attached is a log of the packets that were dropped by "iptables" today.
While the information in "man icmp" is well over my head, it did sound
to me that icmp messages relate to kernel activities and ought to be
internal to either the computer or - at least - to the network to which
the computer is attached.
Hence I am puzzled by the IP addresses of many of the dropped packages -
I have difficulty in relating these addresses to my ISP (WebOne).
Since WebOne has figured prominently in recent postings to this list, I
thought it worth forwarding my log for <inspection|comment>.
Felix Karpfen
--
Felix Karpfen
felixk at webone.com.au
Public Key 72FDF9DF (DH/DSA)
-------------- next part --------------
fwlogwatch output
Generated Thu Aug 21 08:38:50 EST 2003 by root.
177 of 1902 entries in the file "/var/log/system" are packet logs, 48 have
unique characteristics.
First packet log entry: Aug 17 07:17:57, last: Aug 21 06:54:44.
All entries were logged by the same host: "eureka".
All entries are from the same chain: "catch-all ".
All entries have the same target: "-".
All entries are from the same interface: "ppp0".
# start end interval proto source hostname port service destination hostname port service opts
SNIP
3 Aug Aug - icmp 68.88.34.16 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
37:36 37:
36
3 Aug Aug - icmp 210.10.160.121 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
37:39 37:
39
3 Aug Aug - icmp 68.72.165.225 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
37:59 37:
59
3 Aug Aug - icmp 200.59.44.151 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
40:31 40:
31
3 Aug Aug - icmp 207.230.192.51 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
41:23 41:
23
3 Aug Aug - icmp 4.34.209.18 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
41:59 41:
59
3 Aug Aug - icmp 64.231.153.110 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
42:17 42:
17
3 Aug Aug - icmp 165.127.85.4 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
42:50 42:
50
3 Aug Aug - icmp 4.20.71.50 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
42:52 42:
52
3 Aug Aug - icmp 210.10.163.28 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
43:15 43:
15
3 Aug Aug - icmp 210.11.48.135 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
43:42 43:
42
3 Aug Aug - icmp 210.11.155.199 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
45:20 45:
20
3 Aug Aug - icmp 218.93.255.168 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
45:25 45:
25
3 Aug Aug - icmp 67.65.208.211 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
46:58 46:
58
3 Aug Aug - icmp 210.9.54.56 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
47:07 47:
07
3 Aug Aug - icmp 218.170.188.70 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
47:10 47:
10
3 Aug Aug - icmp 64.230.22.70 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
47:19 47:
19
3 Aug Aug - icmp 67.1.244.205 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
47:42 47:
42
3 Aug Aug - icmp 210.11.131.67 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
49:46 49:
46
3 Aug Aug - icmp 61.213.74.204 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
49:56 49:
56
3 Aug Aug - icmp 144.254.13.70 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
50:18 50:
18
3 Aug Aug - icmp 210.9.235.35 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
51:30 51:
30
3 Aug Aug - icmp 210.10.235.43 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
52:31 52:
31
3 Aug Aug - icmp 4.63.219.221 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
52:42 52:
42
3 Aug Aug - icmp 210.10.230.164 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
54:43 54:
43
3 Aug Aug - icmp 210.11.51.165 - 8 - 210.11.49.74 - 0 - -
21 21
06: 06:
54:44 54:
44
fwlogwatch 0.4 ? 2001-08-19 Boris Wesslowski, RUS-CERT