[Shorewall-users] Probes of the dot zero address
jfalgout at co.jefferson.co.us
Mon, 30 Sep 2002 19:53:26 -0600
> Sep 30 16:57:32 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:80:5f:88:49:8f:00:02:3b:02:01:18:08:00 SRC=22.214.171.124
> DST=126.96.36.199 LEN=38 TOS=0x00 PREC=0x00 TTL=3 ID=0 DF PROTO=UDP
> SPT=32532 DPT=33443 LEN=18
Look at the TTL. This isn't a legit OS.
>This looks simply like a nitwit trying to traceroute the .0 address to
>I'd drop it in the nitbucket -- Tom's suggestion to treat it as a
>broadcast makes sense to me.
I wouldn't dismiss this so quickly. You may want to dig deeper to see
what's going on. At least sniff the wire, see what's in the payload.
I'm just a little paranoid though. . .
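
As an added example, not part of the original post: a small Python triage of firewall log lines in the format quoted above, flagging the traits this thread discusses (low remaining TTL, UDP to the classic traceroute port range, a .0 destination). The sample lines, the TTL threshold of 5 and the 33434-33534 port range are assumptions of this example.

```python
import re

# Constructed sample lines in the netfilter LOG format quoted in the post.
# Addresses and MACs are documentation values, not taken from the message.
SAMPLE = [
    "Sep 30 16:57:32 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 "
    "DST=192.0.2.0 LEN=38 TOS=0x00 PREC=0x00 TTL=3 ID=0 DF PROTO=UDP "
    "SPT=32532 DPT=33443 LEN=18",
    "Sep 30 16:58:01 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 "
    "DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP "
    "SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0",
    # Truncated line (syslog cut it off): must not crash the triage.
    "Sep 30 16:59:10 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.0 LEN=38 TTL=",
]

def parse(line):
    """Return the KEY=VALUE fields of one LOG line as a dict of strings."""
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        # LEN appears twice for UDP: keep the first (IP length).
        fields.setdefault(key, value)
    return fields

def num(fields, key):
    """Integer value of a field, or None if it is absent or not numeric."""
    value = fields.get(key, "")
    return int(value) if value.isdigit() else None

def reasons(line, low_ttl=5):
    """List why a dropped packet deserves a closer look (empty if nothing stands out)."""
    f = parse(line)
    out = []
    ttl, dpt = num(f, "TTL"), num(f, "DPT")
    if ttl is not None and ttl <= low_ttl:
        out.append("low-ttl")            # arrived with almost no hops left
    if f.get("PROTO") == "UDP" and dpt is not None and 33434 <= dpt <= 33534:
        out.append("traceroute-port")    # classic UDP traceroute port range
    if f.get("DST", "").endswith(".0"):
        out.append("dot-zero-dst")       # aimed at the network's .0 address
    return out

if __name__ == "__main__":
    for line in SAMPLE:
        print(reasons(line), line[:15])
```
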