From: Simon <tanstaafl@libertytrek.org>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Log flooded with these...
Date: Sun, 19 Oct 2008 11:18:48 -0400
Message-ID: <48FB4FD8.7090307@libertytrek.org>
Hello,
I'm not sure what's going on here, but I came in today and my log is
being flooded with these... about once per second, I get 2 or 3 of the
following:
Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0
DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=46967
PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:04:5a:8f:d6:11:08:00 SRC=192.168.1.250
DST=255.255.255.255 LEN=347 TOS=0x00 PREC=0x00 TTL=128 ID=55784
PROTO=UDP SPT=67 DPT=68 LEN=327
Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0
DST=255.255.255.255 LEN=360 TOS=0x00 PREC=0x00 TTL=128 ID=46968
PROTO=UDP SPT=68 DPT=67 LEN=340
The only things that I can see that change are the date/times (of
course) and the ID=value.
192.168.1.250 is the only Windows domain controller (DHCP, DNS and file
services)...
For a long time, I've seen things like this in the logs - in fact I even
asked about it here once a few months ago, but got busy and didn't
follow up on 'fixing' it - but it was never just continuous like this...
First question is, is this anything to be concerned about?
If not, how can I silence these in my logs?
TIA for any help/suggestions - Simon...
Output of iptables-save follows:
# Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008
*raw
:PREROUTING ACCEPT [222633286:130337506706]
:OUTPUT ACCEPT [186475744:266358392165]
COMMIT
# Completed on Sat Oct 18 16:11:52 2008
# Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008
*nat
:PREROUTING ACCEPT [3310784:561609823]
:POSTROUTING ACCEPT [289167:19127565]
:OUTPUT ACCEPT [300907:21670186]
COMMIT
# Completed on Sat Oct 18 16:11:52 2008
# Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008
*mangle
:PREROUTING ACCEPT [621778831:356231181731]
:INPUT ACCEPT [621741184:356222148032]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [510767123:743977057165]
:POSTROUTING ACCEPT [510654750:743968032926]
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
COMMIT
# Completed on Sat Oct 18 16:11:52 2008
# Generated by iptables-save v1.3.8 on Sat Oct 18 16:11:52 2008
*filter
:INPUT DROP [1492298:264275398]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [21460:2536934]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -j LOG --log-prefix "IPTABLES-IN Default Drop: " --log-level 7
-A INPUT -p tcp -m tcp --dport 22 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 783 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A OUTPUT -d 127.0.0.1 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "IPTABLES-OUT Default Drop: " --log-level 7
COMMIT
# Completed on Sat Oct 18 16:11:52 2008
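
One way to triage a flood like the one in this message, as an added example that is not part of the original post: it groups netfilter LOG lines by flow while ignoring the per-packet fields, reads the sender's MAC out of the Ethernet header in `MAC=`, and labels UDP 68/67 traffic as DHCP. The function names and the generated rule text are assumptions of this example; the sample input is the three entries quoted above, joined onto single lines.

```python
import re
from collections import Counter

# Constructed input: the three log entries from the message, one per line.
SAMPLE_LOG = """\
Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=46967 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:5a:8f:d6:11:08:00 SRC=192.168.1.250 DST=255.255.255.255 LEN=347 TOS=0x00 PREC=0x00 TTL=128 ID=55784 PROTO=UDP SPT=67 DPT=68 LEN=327
Oct 19 11:10:33 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=360 TOS=0x00 PREC=0x00 TTL=128 ID=46968 PROTO=UDP SPT=68 DPT=67 LEN=340
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one netfilter LOG line."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first LEN is the IP length, second the UDP length
    return fields

def signature(f):
    """Flow identity without the per-packet fields (timestamp, ID, LEN)."""
    # MAC= is the raw Ethernet header: 6 bytes destination, 6 bytes source, 2 bytes type.
    src_mac = ":".join(f.get("MAC", "").split(":")[6:12])
    return (f.get("IN"), src_mac, f.get("SRC"), f.get("DST"),
            f.get("PROTO"), f.get("SPT"), f.get("DPT"))

def classify(sig):
    proto, spt, dpt = sig[4:]
    if proto == "UDP" and (spt, dpt) == ("68", "67"):
        return "DHCP client request"
    if proto == "UDP" and (spt, dpt) == ("67", "68"):
        return "DHCP server reply"
    return "unclassified"

def summarize(log_text, prefix="IPTABLES-IN Default Drop:"):
    """Count logged packets per flow, most frequent first."""
    counts = Counter(signature(parse(line))
                     for line in log_text.splitlines() if prefix in line)
    return [(n, classify(sig), sig) for sig, n in counts.most_common()]

def silent_drop_rule(sig):
    """iptables arguments that drop this flow unlogged (-I puts it first, ahead of LOG)."""
    iface, _, _, _, proto, spt, dpt = sig
    if spt is None or dpt is None:
        return None  # no ports logged (e.g. ICMP): not handled in this example
    p = proto.lower()
    return f"-I INPUT -i {iface} -p {p} -m {p} --sport {spt} --dport {dpt} -j DROP"

if __name__ == "__main__":
    for n, label, sig in summarize(SAMPLE_LOG):
        print(n, label, sig, "|", silent_drop_rule(sig))
```

The source MAC in each flow identifies the sending machine even when `SRC=` is 0.0.0.0.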