Possible IP tables problem?

jstreed · 11-01-2004, 03:30 PM

When my computer starts, I get the following output in the system log:

I get this message repeadedly when the computer is running. Any ideas as to what is causing this? I thought it was firestarter at first, but removing the program proved me wrong.

Oct 18 13:45:15 localhost kernel: ip_tables: (C) 2000-2002 Netfilter core team
Oct 18 13:45:38 localhost kernel: ip_conntrack version 2.1 (3072 buckets, 24576 max) - 296 bytes per conntrack
Oct 18 13:45:44 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:56:ca:db:d8:08:00 SRC=170.140.187.141 DST=170.140$Oct 18 13:45:47 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:93:6b:73:10:08:00 SRC=170.140.187.138 DST=170.140$Oct 18 13:45:56 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:02:b3:48:da:79:08:00 SRC=170.140.186.26 DST=255.255.$Oct 18 13:46:03 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:93:6b:73:10:08:00 SRC=170.140.187.138 DST=170.140$Oct 18 13:46:05 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:93:6b:73:10:08:00 SRC=170.140.187.138 DST=170.140$Oct 18 13:46:10 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:93:6b:73:10:08:00 SRC=170.140.187.138 DST=170.140$Oct 18 13:46:16 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:56:d6:11:9d:08:00 SRC=170.140.187.136 DST=170.140$Oct 18 13:46:18 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:93:6b:73:10:08:00 SRC=170.140.187.138 DST=170.140$Oct 18 13:46:28 localhost kernel: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:04:80:58:a2:00:08:00 SRC=170.140.187.254 DST=224.0.0$Oct 18 13:46:29 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:ad:97:ef:08:00 SRC=170.140.187.94 DST=170.140.$Oct 18 13:46:29 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ba:5c:c2:20:08:00 SRC=170.140.186.107 DST=170.140$Oct 18 13:46:29 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ba:5c:c1:e9:08:00 SRC=170.140.186.14 DST=170.140.$Oct 18 13:46:30 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:56:ca:da:db:08:00 SRC=170.140.187.142 DST=170.140$Oct 18 13:46:30 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:b0:d0:3d:eb:70:08:00 SRC=170.140.187.80 DST=170.140.$Oct 18 13:46:31 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:b0:d0:3d:eb:70:08:00 SRC=170.140.187.80 DST=170.140.$Oct 18 13:46:31 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ba:5c:c2:20:08:00 SRC=170.140.186.107 DST=170.140$Oct 18 13:46:31 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ba:5c:c2:20:08:00 SRC=170.140.186.107 DST=170.140$Oct 18 13:46:31 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ba:5c:c1:e9:08:00 SRC=170.140.186.14 DST=170.140.$Oct 18 13:46:31 localhost kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:ba:5c:c1:e9:08:00 SRC=170.140.186.14

Thanks

Josh

Pcghost · 11-01-2004, 05:12 PM

Do you have a network card with that mac address? How about those source and destination ip's. I would whois the destination address and see who the machine is talking to.

jstreed · 11-02-2004, 10:08 AM

Is there any way I can turn this verbose output off? My network card does have a Mac address, but I don't know what's causing all this crazy output. Similar output it shown on another network, so it isn't related to my network at home.

Dead Parrot · 11-02-2004, 11:19 AM

You can install ulogd to redirect the firewall log messages into a specific file. In the sticky thread of this forum I have explained how to do this with FireHOL:

http://www.linuxquestions.org/questi...5&pagenumber=1