[Shorewall-users] Probes of the dot zero address

Jeff Falgout jfalgout at co.jefferson.co.us
Mon, 30 Sep 2002 19:53:26 -0600


> Sep 30 16:57:32 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= 
> MAC=00:80:5f:88:49:8f:00:02:3b:02:01:18:08:00 SRC=216.52.254.69 
> DST=198.133.233.0 LEN=38 TOS=0x00 PREC=0x00 TTL=3 ID=0 DF PROTO=UDP 
> SPT=32532 DPT=33443 LEN=18

Look at the TTL. This isn't a legit OS. 

> This looks simply like a nitwit trying to traceroute the .0 address to
> me. :)

> I'd drop it in the nitbucket -- Tom's suggestion to treat it as a
> broadcast makes sense to me.

I wouldn't dismiss this so quickly. You may want to dig deeper to see
what's going on. At least sniff the wire, see what's in the payload.

I'm just a little paranoid though. . .

Jeff
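
A triage sketch for log entries like the one quoted above, added here as an example and not part of the original message or of Shorewall. It pulls out the fields the thread discusses (TTL, UDP destination port, a .0 destination) and the UDP payload size to expect when sniffing; the TTL threshold and the port range are assumptions.

```python
import re

# Constructed sample: the log entry quoted in the message, joined onto one line.
SAMPLE = ("Sep 30 16:57:32 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
          "MAC=00:80:5f:88:49:8f:00:02:3b:02:01:18:08:00 SRC=216.52.254.69 "
          "DST=198.133.233.0 LEN=38 TOS=0x00 PREC=0x00 TTL=3 ID=0 DF PROTO=UDP "
          "SPT=32532 DPT=33443 LEN=18")

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
LOW_TTL = 5                               # assumption: "suspiciously low" cutoff
TRACEROUTE_PORTS = range(33434, 33535)    # assumption: classic UDP traceroute range


def parse_fields(line):
    """Return KEY=value pairs; the first occurrence wins (LEN appears twice)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def udp_payload_bytes(line):
    """Second LEN= is the UDP length; subtract the 8-byte UDP header."""
    lens = re.findall(r"\bLEN=(\d+)", line)
    return int(lens[1]) - 8 if len(lens) == 2 else None


def triage(line):
    """List the reasons this entry deserves a closer look, in a fixed order."""
    f = parse_fields(line)
    reasons = []
    if "TTL" in f and int(f["TTL"]) <= LOW_TTL:
        reasons.append("low-ttl")
    if f.get("PROTO") == "UDP" and int(f.get("DPT", 0)) in TRACEROUTE_PORTS:
        reasons.append("traceroute-port")
    if f.get("DST", "").endswith(".0"):
        reasons.append("dot-zero-dst")
    return reasons


if __name__ == "__main__":
    print(triage(SAMPLE), "payload bytes:", udp_payload_bytes(SAMPLE))
```
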