Need help to interp kernel log message.

Roman Neuhauser neuhauser at bellavista.cz
Mon Sep 15 05:02:15 PDT 2003


# webmaster at swedehost.com / 2003-09-15 12:17:01 +0200:
> On Saturday 13 September 2003 03.24, Roman Neuhauser wrote:
> > # webmaster at swedehost.com / 2003-09-12 05:37:17 +0200:
> > > I've got a message in my logfiles that I don't understand.
> > > The IP addresses are none that I, to my knowledge, am associated
> > > with. Wonder what it is or if it's anything to worry about.
> > >
> > > odin.swedehost.com kernel log messages:
> > > > icmp redirect from 65.104.98.146: 204.152.184.189 =>
> > > > 65.104.98.145
> > >
> > > Checking up on the above IP addresses doesn't ring any bells either.
> >
> >     Looks like your machine was sending traffic to 204.152.184.189,
> > and an intermediate host at 65.104.98.146 sent an ICMP redirect
> > message telling it to send them to 65.104.98.145 instead. See RFC
> > 792.
> >
> >     As for security concerns: any packet might have the source
> > address spoofed, and obeying ICMP type 5 messages in a hostile
> > environment (like the internet) means you're giving your network
> > traffic out for public consumption.
> 
> Thx for your answer.
> In my rc.conf file, I do have 
> icmp_drop_redirect="YES" 
> icmp_log_redirect="YES"
> but I guess that's not enough.
> Probably have to block in my firewall.

    what makes you think so? did the box really change the route?

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.    see http://www.eyrie.org./~eagle/faqs/questions.html
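
One way to answer the question of whether the box really changed the route, as an added example that is not part of the original thread: parse the logged redirects and compare them against the routing table, where netstat(1) marks routes created or modified by a redirect with the D and M flags. The syslog prefix, the addresses and the routing table below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sample data is constructed (documentation addresses); the
# log format is the kernel line quoted in the thread, syslog prefix assumed.

# Print "sender destination new_gateway" for each logged ICMP redirect.
parse_redirects() {
    sed -n 's/.*icmp redirect from \([0-9.][0-9.]*\): \([0-9.][0-9.]*\) => \([0-9.][0-9.]*\).*/\1 \2 \3/p'
}

# From `netstat -rn` text, print routes flagged D (created by a redirect)
# or M (modified by a redirect); any such row means a redirect was obeyed.
redirected_routes() {
    awk '$1 != "Destination" && NF >= 3 && $3 ~ /[DM]/ { print $1, $2, $3 }'
}

# Read log lines on stdin; $1 is the routing table text. For each redirect,
# say whether a D/M route to that destination via the new gateway exists.
check_redirects() {
    parse_redirects | while read -r from dst gw; do
        if printf '%s\n' "$1" | redirected_routes |
            awk -v d="$dst" -v g="$gw" '$1 == d && $2 == g { hit = 1 } END { exit !hit }'
        then echo "applied $dst via $gw (from $from)"
        else echo "ignored $dst via $gw (from $from)"
        fi
    done
}

# Constructed log lines in the format of the message quoted above.
sample_log() { cat <<'EOF'
Sep 12 05:30:01 host /kernel: icmp redirect from 192.0.2.1: 198.51.100.7 => 192.0.2.254
Sep 12 05:31:12 host /kernel: icmp redirect from 192.0.2.1: 203.0.113.9 => 192.0.2.66
EOF
}

# Constructed `netstat -rn` output; only the last row came from a redirect.
sample_routes() { cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0     1234   fxp0
127.0.0.1          127.0.0.1          UH          0       10    lo0
203.0.113.9        192.0.2.66         UGHD        0        3   fxp0
EOF
}

# Live use, assuming kernel messages land in /var/log/messages:
#   check_redirects "$(netstat -rn)" < /var/log/messages
sample_log | check_redirects "$(sample_routes)"
```

A redirect that is logged but reported as ignored is what `icmp_drop_redirect="YES"` together with `icmp_log_redirect="YES"` should produce: the message is recorded and the routing table is left alone.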

