Need help to interp kernel log message.
webmaster at swedehost.com
Mon Sep 15 14:41:38 PDT 2003
On Monday 15 September 2003 14.02, Roman Neuhauser wrote:
> # webmaster at swedehost.com / 2003-09-15 12:17:01 +0200:
> > On Saturday 13 September 2003 03.24, Roman Neuhauser wrote:
> > > # webmaster at swedehost.com / 2003-09-12 05:37:17 +0200:
> > > > I've got a message in my logfiles that I don't understand.
> > > > The IP addresses are none that I am, to my knowledge, associated
> > > > with. Wonder what it is or if it's anything to worry about.
> > > >
> > > > odin.swedehost.com kernel log messages:
> > > > > icmp redirect from 220.127.116.11: 18.104.22.168 =>
> > > > > 22.214.171.124
> > > >
> > > > Checking up on the above IP addresses doesn't ring any bells
> > > > either.
> > >
> > > Looks like your machine was sending traffic to
> > > 126.96.36.199, and an intermediate host at 188.8.131.52 sent
> > > an ICMP redirect message telling it to send them to 184.108.40.206
> > > instead. See RFC 792.
> > >
> > > As for security concerns: any packet might have the source
> > > address spoofed, and obeying ICMP type 5 messages in a hostile
> > > environment (like the internet) means you're giving your network
> > > traffic out for public consumption.
> > Thx for your answer.
> > In my rc.conf file, I do have
> > icmp_drop_redirect="YES"
> > icmp_log_redirect="YES"
> > but I guess that's not enough.
> > Probably have to block in my firewall.
> What makes you think so? Did the box really change the route?
You mean it dropped and logged it. Just as it's supposed to?
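
Added example, not part of the original thread: a small triage script for the "icmp redirect from A: B => C" kernel messages discussed above. It applies the two sanity checks RFC 1122 (section 3.2.2.2) gives for redirects: the sender should be the current first-hop gateway and the new gateway should be on the connected subnet. The function name, the sample log lines, the addresses and the single-default-gateway simplification are assumptions made for the illustration.

```python
import ipaddress
import re

# Message format as quoted in the thread:
#   icmp redirect from SENDER: DESTINATION => NEW_GATEWAY
REDIRECT_RE = re.compile(
    r"icmp redirect from (?P<sender>[\d.]+): "
    r"(?P<dest>[\d.]+) => (?P<new_gw>[\d.]+)"
)

def triage_redirects(log_lines, default_gateway, local_net):
    """Return (sender, dest, new_gw, findings) for each logged redirect.

    Assumption: the host has one default gateway, so "current first-hop
    gateway for the destination" reduces to default_gateway.
    """
    gateway = ipaddress.ip_address(default_gateway)
    network = ipaddress.ip_network(local_net)
    results = []
    for line in log_lines:
        match = REDIRECT_RE.search(line)
        if not match:
            continue  # not a redirect message
        try:
            sender, dest, new_gw = (
                ipaddress.ip_address(match[k])
                for k in ("sender", "dest", "new_gw")
            )
        except ValueError:
            continue  # looked like an address but was not valid
        findings = []
        if sender != gateway:
            findings.append("sender is not the first-hop gateway")
        if new_gw not in network:
            findings.append("new gateway is off-link")
        results.append((str(sender), str(dest), str(new_gw), findings))
    return results

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    "Sep 12 05:30:01 host /kernel: icmp redirect from 192.0.2.1: 198.51.100.7 => 192.0.2.254",
    "Sep 12 05:31:12 host /kernel: icmp redirect from 203.0.113.9: 198.51.100.7 => 203.0.113.50",
    "Sep 12 05:32:40 host /kernel: fxp0: link state changed to UP",
]

if __name__ == "__main__":
    for entry in triage_redirects(SAMPLE_LOG, "192.0.2.1", "192.0.2.0/24"):
        print(entry)
```

An empty findings list means the redirect at least came from the expected router and points on-link; any finding marks a message that a host following RFC 1122 would discard.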