| View previous topic :: View next topic |
| Author |
Message |
shanghai
Guru
Joined: 08 Feb 2004
Posts: 493
Location: Roma, Italia, GeekLand
|
 Posted: Tue Mar 16, 2004 2:24 pm Post subject: Samba error? |
 |
|
Hi!
These lines appear in my logfiles
| Code: | Mar 16 14:32:03 tux eth0: link up, 10Mbps, half-duplex, lpa 0x0000
Mar 16 14:32:08 tux 10.1.146.51 sent an invalid ICMP type 11, code 0 error to a
broadcast: 23.251.199.255 on eth0
Mar 16 14:32:15 tux 10.1.146.51 sent an invalid ICMP type 11, code 0 error to a
broadcast: 23.251.199.255 on eth0
|
It seems to be linked to the use of samba. There are hundreds of these lines in an hour...
How can i understand what is it? (i don't know who is 10.1.146.51)
And how can i avoid all these lines to fill my logs (as they waste a lot of CPU, i imagine, and they make my logs useless) ?
This considering that
a) i still can't write firewall rules, so i've no firewall
b) i'm behind a NAT which covers all the users of my ISP.
Thank you!
_________________
Il sonno della ragione genera mostri. |
|
| Back to top |
|
 |
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Tue Mar 16, 2004 7:01 pm Post subject: |
|
|
This may be an attempt to send illicit traffic through your box - a 10.x.x.x host should never send a broadcast to an different subnet!
A NAT connection to your ISP ?
That sounds ... weird.
You mean you don't even have a real IP address ?
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
shanghai
Guru
Joined: 08 Feb 2004
Posts: 493
Location: Roma, Italia, GeekLand
|
| Posted: Tue Mar 16, 2004 7:43 pm Post subject: |
|
|
Exactly. And, if i want a public IP address, i need a tunneling service towards a server which is outside of my ISP network.
Are 10.x.x.x reserved address?
_________________
Il sonno della ragione genera mostri. |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Tue Mar 16, 2004 9:46 pm Post subject: |
|
|
| shanghai wrote: | | Exactly. And, if i want a public IP address, i need a tunneling service towards a server which is outside of my ISP network. |
Double weird - your ISP should be the first stop toward giving you a public IP address.
| shanghai wrote: | | Are 10.x.x.x reserved address? |
Yes.
There are reserved (private) address ranges in each network class.
For Class A, this is 10.x.x.x - the whole 10. subnet is neither used nor routed on the internet.
Which is why one can never use such an address on a public network.
The first router it bumps into will drop all traffic.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
shanghai
Guru
Joined: 08 Feb 2004
Posts: 493
Location: Roma, Italia, GeekLand
|
| Posted: Wed Mar 17, 2004 7:44 am Post subject: |
|
|
Better: i've an IP address which is just visible to the network inside the NAT (i.e. to the others using my ISP). If i give my ip "internal" address to someone inside this network he can browse my webserver...
Technically i could ask my provider for a public IP address, but i had to pay for it, so i don't want. Either, when i need a public IP i can use an ipv6 tunneling service (which isn't active actually).
What do you think i should do?
_________________
Il sonno della ragione genera mostri. |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Wed Mar 17, 2004 9:11 am Post subject: |
|
|
I think you should consider switching to a decent provider 
Really, these kinds of frauds deserve neither your money nor your support.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
shanghai
Guru
Joined: 08 Feb 2004
Posts: 493
Location: Roma, Italia, GeekLand
|
| Posted: Wed Mar 17, 2004 12:36 pm Post subject: |
|
|
I agree, but this is the fastest italian line 
Heh... 
_________________
Il sonno della ragione genera mostri. |
|
| Back to top |
|
|
rewt
n00b
Joined: 19 Feb 2004
Posts: 58
|
| Posted: Wed Mar 17, 2004 12:43 pm Post subject: |
|
|
As adaptr already said 10.x.x.x is an unroutable address so it seems the attack is coming from inside your ISP somewhere
The fact you're running Samba let alone the other services that are likely running on your box means you should serious learn to set up a firewall... FAST! There is no way in this world I would hang an unsecured box off my ISP and I barely run any services
There are some good online guides to getting a basic firewall going so it shouldn't take much work and believe me it is worth the investment of your time and energy
Good luck
_________________
Because sometimes peace is another word for surrender... and secrets have a way of getting out |
|
| Back to top |
|
|
koma
Advocate
Joined: 06 Jun 2003
Posts: 2702
Location: Italy
|
|
| Back to top |
|
|
robinmarlow
Apprentice
Joined: 10 Mar 2004
Posts: 167
|
| Posted: Sun Jul 31, 2005 9:37 am Post subject: |
|
|
I am on NTL cable & recently added a d-link 624+ router/firewall between me and the internet.
My logs have been filling up with:
| Code: | | phoenix 10.186.239.254 sent an invalid ICMP type 3, code 13 error to a broadcast: 192.168.1.255 on eth1 |
i tried blocking icmp at the firewall & blocking that ip address, but nothing helped.
i'm kinda assuming that it is coming from my router itself and innocuous so:
| Code: | echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
|
seems to make them go away.
Hope this helps someone
Robin |
|
| Back to top |
|
|
|
Networking & Security
somebody help? or a soluction to drop it from dmesg ?