| View previous topic :: View next topic |
| Author |
Message |
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5941
|
 Posted: Tue Feb 26, 2008 8:53 pm Post subject: iptables input dest ip 255.255.255.255 |
 |
|
hello, I'm a part of a very noisy network, my iptables rejects log shows alot of rejected incoming packets with destination ip of 255.255.255.255
on destination ports 67, 2222, 1211, 68.
moreover, I've got alot of packets that are been rejected, none for my ip, rather to another ip that ends with .255 under destination port 6646
has anyone have an idea what they are? should I not filter them?
thanks
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
 |
patrix_neo
Guru
Joined: 08 Jan 2004
Posts: 520
Location: The Maldives
|
| Posted: Tue Feb 26, 2008 9:27 pm Post subject: |
|
|
You should allow 67 in and 68 out if you have DHCP. That would be a dhcp server trying to reach you.
The 68 port trying to reach in is a dhcp-client trying to get a number from you - and everybody else on the net.
When asking for ip 255.255.255.255 then it is a call from a computer trying to reach all computers in a network with a specific service running. When it's 68, a dhcp server would answer said computer according to it's configuration of course. When the IP source is 255.255.255.255 I would suspect a spoof attach though. So you should reject all source ip with that address. I would/do so. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5941
|
| Posted: Wed Feb 27, 2008 9:17 pm Post subject: |
|
|
now port 5000 to that same address has been added
what about the other ports?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
|
Networking & Security
