Gentlemen, yesterday my network went down: I could not access any service such as Internet and mail, and I see these strange messages on my proxy/firewall that I still do not fully understand. I think I was attacked from inside the network. It stayed like that for a span of 4 hours. Any ideas?
Here is something odd from my log:
Dec 1 09:28:55 proxyf kernel: printk: 1 messages suppressed.
Dec 1 09:28:55 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.9.32 ignored.
Dec 1 09:28:55 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.9.32
Dec 1 09:28:56 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.86 ignored.
Dec 1 09:28:56 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.86
Dec 1 09:28:56 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.86 ignored.
Dec 1 09:28:56 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.86
Dec 1 09:28:56 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.86 ignored.
Dec 1 09:28:56 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.86
Dec 1 09:29:01 proxyf kernel: printk: 3 messages suppressed.
Dec 1 09:29:01 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.172 ignored.
Dec 1 09:29:01 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.172
Dec 1 09:29:40 proxyf kernel: printk: 2 messages suppressed.
Dec 1 09:29:40 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.9.16 ignored.
Dec 1 09:29:40 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.9.16
Dec 1 09:30:07 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.10 ignored.
Dec 1 09:30:07 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.10

Dec 1 09:18:58 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.143 ignored.
Dec 1 09:18:58 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.143
Dec 1 09:18:58 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.172 ignored.
Dec 1 09:18:58 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.172
Dec 1 09:19:00 proxyf kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:e0:29:67:e2:9e:00:21:9b:39:22:ee:08:00 SRC=172.16.9.113 DST=172.16.8.49 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=9701 DF PROTO=TCP SPT=49442 DPT=808 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 1 09:19:14 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.9.16 ignored.
Dec 1 09:19:14 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.9.16
Dec 1 09:19:46 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.9.200 ignored.
Dec 1 09:19:46 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.9.200
Dec 1 09:20:07 proxyf kernel: Redirect from 172.16.9.186 on eth1 about 172.16.8.10 ignored.
Dec 1 09:20:07 proxyf kernel: Advised path = 172.16.8.49 -> 172.16.8.10
Dec 1 09:20:08 proxyf snmpd[2849]: Connection from UDP: [172.16.8.49]:57555
Dec 1 09:20:08 proxyf snmpd[2849]: Received SNMP packet(s) from UDP: [172.16.8.49]:57555
Dec 1 09:20:08 proxyf snmpd[2849]: Connection from UDP: [172.16.8.49]:46999
Dec 1 09:20:08 proxyf snmpd[2849]: Received SNMP packet(s) from UDP: [172.16.8.49]:46999
Dec 1 09:20:08 proxyf snmpd[2849]: Connection from UDP: [172.16.8.49]:52057
Dec 1 09:20:08 proxyf snmpd[2849]: Received SNMP packet(s) from UDP: [172.16.8.49]:52057
Dec 1 09:20:08 proxyf snmpd[2849]: Connection from UDP: [172.16.8.49]:43959
Dec 1 09:20:08 proxyf snmpd[2849]: Received SNMP packet(s) from UDP: [172.16.8.49]:43959
Dec 1 09:20:08 proxyf snmpd[2849]: Connection from UDP: [172.16.8.49]:55442
Dec 1 09:20:08 proxyf snmpd[2849]: Received SNMP packet(s) from UDP: [172.16.8.49]:55442