From: Simon <tanstaafl@libertytrek.org>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Log flooded with these...
Date: Sun, 19 Oct 2008 11:53:19 -0400
Message-ID: <48FB57EF.2090505@libertytrek.org>
In-Reply-To: <48FB4FD8.7090307@libertytrek.org>
On 10/19/2008 11:18 AM, Simon wrote:
> Hello,
>
> I'm not sure what's going on here, but I came in today and my log is
> being flooded with these... about once per second, I get 2 or 3 of the
> following:
Ok, reviewing the logs to see when these started, it was right at 3:00pm
yesterday (Saturday), and less than a minute after the hourly cron job
ran - up until then, the logs looked completely normal:
Oct 18 15:00:01 myhost cron[22911]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
Oct 18 15:00:01 myhost cron[22912]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Oct 18 15:00:51 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:2f:36:c6:4c:08:00 SRC=192.168.1.47 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=18229 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 18 15:01:38 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=351 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 18 15:01:38 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:5a:8f:d6:11:08:00 SRC=192.168.1.250 DST=255.255.255.255 LEN=347 TOS=0x00 PREC=0x00 TTL=128 ID=12140 PROTO=UDP SPT=67 DPT=68 LEN=327
Oct 18 15:01:38 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=360 TOS=0x00 PREC=0x00 TTL=128 ID=352 PROTO=UDP SPT=68 DPT=67 LEN=340
I have installed a few updates recently, but not iptables...

There was an update available for it - has been for a while - so I went
ahead and updated it, but the problem persists... I also tried updating
the kernel (there's been an update available for it for a while too) and
rebooted, but again, the problem remains...

Everything else on this server seems fine (mail, web)...

Is the domain controller actually doing something it shouldn't? It seems
to be fine, nothing unusual in the logs for it...

Besides - it is just way too suspicious that this started exactly at
3:00pm, and immediately following the hourly cron job...

Anyone have any ideas?
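
For triaging entries like the ones in this message, the following sketch (an added example, not part of the original post) parses netfilter LOG lines, splits the MAC= field into destination and source addresses, and tallies drops per sender, labelling UDP 68->67 as DHCP client traffic and UDP 67->68 as DHCP server traffic. The function names are hypothetical, and the sample input is the message's four drop entries with the line wrapping undone.

```python
import re
from collections import Counter

LOG_PREFIX = "IPTABLES-IN Default Drop:"  # log prefix as it appears in the message

# Constructed sample: the four drop entries from the message, unwrapped.
SAMPLE = """\
Oct 18 15:00:51 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:2f:36:c6:4c:08:00 SRC=192.168.1.47 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=18229 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 18 15:01:38 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=351 PROTO=UDP SPT=68 DPT=67 LEN=308
Oct 18 15:01:38 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:5a:8f:d6:11:08:00 SRC=192.168.1.250 DST=255.255.255.255 LEN=347 TOS=0x00 PREC=0x00 TTL=128 ID=12140 PROTO=UDP SPT=67 DPT=68 LEN=327
Oct 18 15:01:38 myhost IPTABLES-IN Default Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1c:c0:69:16:89:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=360 TOS=0x00 PREC=0x00 TTL=128 ID=352 PROTO=UDP SPT=68 DPT=67 LEN=340
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=)


def parse(line):
    """Return the KEY=value fields of one LOG line, with the MAC field split."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first LEN is the IP length, second is UDP
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # Ethernet header: 6 dst + 6 src + 2 EtherType octets
        fields["DST_MAC"] = ":".join(octets[:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
    return fields


def classify(fields):
    """Label a packet by its UDP port pair (67 = DHCP server, 68 = DHCP client)."""
    ports = (fields.get("PROTO"), fields.get("SPT"), fields.get("DPT"))
    if ports == ("UDP", "68", "67"):
        return "dhcp-client"
    if ports == ("UDP", "67", "68"):
        return "dhcp-server"
    return "other"


def summarize(text):
    """Count dropped packets per (source MAC, source IP, traffic class)."""
    counts = Counter()
    for line in text.splitlines():
        if LOG_PREFIX in line:
            f = parse(line)
            counts[(f.get("SRC_MAC"), f.get("SRC"), classify(f))] += 1
    return counts


if __name__ == "__main__":
    for (mac, ip, kind), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {mac}  {ip:<15}  {kind}")
```
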