|
Posted by Matthias Apitz on February 22, 2008, 2:47 am
If you were Registered and logged in, you could reply and use other advanced thread options
>Dear all,
>I've recently noticed some packets coming in on port 22 (sshd) on my
>external interface from the 192.168.1.0/24 network. I don't have any
>local machines on this network and the packets are coming in on my WAN
>interface (via my router). How is that possible? My understanding was
>that this network was not routeable from the internet. I'm guessing
>someone is try to get at my sshd server. Below are the packets. Is
>there any way to get more info on where they are coming from?
>Feb 20 20:02:14 tti kernel: iptables chain hostile: IN=eth1 OUT=
>MAC=00:0e:0c:dd:73:16:00:11:6e:00:f9:70:08:00 SRC=192.168.1.126
>DST=172.16.251.61 LEN=228 TOS=0x10 PREC=0x00 TTL=47 ID=19109 DF
>PROTO=TCP SPT=38196 DPT=22 WINDOW=16022 RES=0x00 ACK PSH FIN URGP=0
>I'm using iptables on a 2.6 Linux box.
Kevin,
I saw such stuff once in my firewall *incoming* as well and I think
an IP pkg with such private range src addr may arrive if the dst addr
is correct, but of course no answer through Internet to that src addr
is possible.
matthias
| 
XML site map