[Shorewall-users] Attack from local network or...?

Jeff jsoehner at the-techy.com
Wed Nov 24 08:29:59 PST 2004


Hey folks;

Easy big fella << that one is for you Tom ;-)

Here's my 2c...

Ratko, your packets are failing because of a 'norfc1918' option on the eth0
interface in your '/etc/shorewall/interface' file. (I suspect)

Now the question is why? norfc1918 is used to drop packets that should never
contain rfc1918 network src addrs. (Like from the internet?). If you are NAT
with some other device (DSL modem, firewall, etc) and your eth interface is
using one of these addresses (10.x.x.x, 172-16-32.x.x, 192.168.x.x) then you
need to remove it from that interface.

BTW those 'attacks' look like some drones (spyware, adware, etc) running on
your workstations that are trying to connect to your default gateways' web
port.

But Again,  Tom always suggests that you show us your files (see
shorewall.net/support.htm) and I'll have to agree..

HTH
.
Jeff
----- Original Message ----- 
From: "Tom Eastep" <teastep at shorewall.net>
To: "Shorewall Users" <shorewall-users at lists.shorewall.net>
Sent: Wednesday, November 24, 2004 11:15 AM
Subject: Re: Re[2]: [Shorewall-users] Attack from local network or...?


> On Wed, 2004-11-24 at 08:13 -0800, Tom Eastep wrote:
> > On Wed, 2004-11-24 at 17:09 +0100, Ratko Dakic wrote:
> >
> > Ratko -- 
> >
> > a) I JUST POSTED asking that people KEEP REPLIES ON THE
> > LIST!!!!!!!!!!!!!!!!!!!
>
> Oops -- I humbly beg your pardon. I should have looked more carefully at
> the message headers before having my tantrum.
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep at shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users at lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>



More information about the Shorewall-users mailing list