Hi all
The machine provides the name service
I got the following in the dmesg.
What is it?
Can I have rules to prevent it?
UDP: bad checksum. From outside-ip:61479 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:62499 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:64135 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:64135 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:65383 to machine-ip:61 ulen 45
outside-ip sent an invalid ICMP type 3, code 3 error to a broadcast: 248.32.x.x on eth0 outside-ip sent an invalid ICMP type 3, code 3 error to a broadcast: 248.32.x.x on eth0 outside-ip sent an invalid ICMP type 3, code 3 error to a broadcast: 248.32.x.x on eth0
Thank you
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
ann kok wrote:
Hi all
The machine provides the name service
I got the following in the dmesg.
What is it?
Can I have rules to prevent it?
UDP: bad checksum. From outside-ip:61479 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:62499 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:64135 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:64135 to machine-ip:61 ulen 45 UDP: bad checksum. From outside-ip:65383 to machine-ip:61 ulen 45
outside-ip sent an invalid ICMP type 3, code 3 error to a broadcast: 248.32.x.x on eth0 outside-ip sent an invalid ICMP type 3, code 3 error to a broadcast: 248.32.x.x on eth0 outside-ip sent an invalid ICMP type 3, code 3 error to a broadcast: 248.32.x.x on eth0
'outside-ip', is that the IP of this system, or some random external internet IP, or what? odd, 248.32.x.x isn't a broadcast or multicast address AFAIK, is that part of one of your subnets or something?
I'm not sure what udp/61 is, /etc/services says 'NI-MAIL', that appears to be something from the dusty basement of pre-internet networking ("JNT mail over NIFTP").
ICMP type 3 code 3 is 'port unreachable'. see: http://www.iana.org/assignments/icmp-parameters if you block those you won't be able to do traceroutes.
if you just got a few of those, I'd ignore them. if you got lots and lots, it may be a weak attempt at a denial of service attack
anyways, dunno why you'd need any rules, the kernel rejected those packets on the grounds given.