[CentOS] what is it in dmesg?

Mon Nov 5 22:17:39 UTC 2007
John R Pierce <pierce at hogranch.com>

ann kok wrote:
> Hi all
>
> The machine provides the name service
>
> I got the following in the dmesg.
>
> What is it?
>
> Can I have rules to prevent it?
>
> UDP: bad checksum. From outside-ip:61479 to
> machine-ip:61 ulen 45
> UDP: bad checksum. From outside-ip:62499 to
> machine-ip:61 ulen 45
> UDP: bad checksum. From outside-ip:64135 to
> machine-ip:61 ulen 45
> UDP: bad checksum. From outside-ip:64135 to
> machine-ip:61 ulen 45
> UDP: bad checksum. From outside-ip:65383 to
> machine-ip:61 ulen 45
>
> outside-ip sent an invalid ICMP type 3, code 3 error
> to a broadcast: 248.32.x.x on eth0
> outside-ip sent an invalid ICMP type 3, code 3 error
> to a broadcast: 248.32.x.x on eth0
> outside-ip sent an invalid ICMP type 3, code 3 error
> to a broadcast: 248.32.x.x on eth0
>   

'outside-ip', is that the IP of this system, or some random external 
internet IP, or what?      odd, 248.32.x.x isn't a broadcast or 
multicast address AFAIK, is that part of one of your subnets or something?

I'm not sure what udp/61 is, /etc/services says 'NI-MAIL', that appears 
to be something from the dusty basement of pre-internet networking ("JNT 
mail over NIFTP").

ICMP type 3 code 3 is 'port unreachable'.  see: 
http://www.iana.org/assignments/icmp-parameters   if you block those you 
won't be able to do traceroutes.

if you just got a few of those, I'd ignore them.  if you got lots and 
lots, it may be a weak attempt at a denial of service attack



anyways, dunno why you'd need any rules, the kernel rejected those 
packets on the grounds given.