LinuxQuestions.org
01-07-2004, 12:48 PM   #1
waffe
Member
 
Registered: Sep 2003
Distribution: Debian
Posts: 69

Rep: Reputation: 15
Failed checksum from "IP"


I have a Linux Debian 3.0 server. There has been a continuous message that pops up that says:

IP_MASQ:reverse ICMP: failed checksum from 217.127.10.23

Sometimes I have many of these in a row with the same IP address.

So what is this person/computer doing and is there a way I can protect myself?

Thanks
 
01-08-2004, 06:11 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,725
Blog Entries: 54

Rep: Reputation: 2970
Quote: So what is this person/computer doing and is there a way I can protect myself.
The message is to notify you (level "informational", not a critical error) that the kernel found a bad packet checksum. Since the kernel already intercepted and dropped it, there's nothing you need to do or worry about.
 
01-08-2004, 03:31 PM   #3
waffe
Member
 
Registered: Sep 2003
Distribution: Debian
Posts: 69

Original Poster
Rep: Reputation: 15
Dig It!

Glad to hear it.

What is this person trying to do?
 
01-10-2004, 01:28 AM   #4
waffe
Member
 
Registered: Sep 2003
Distribution: Debian
Posts: 69

Original Poster
Rep: Reputation: 15
The reason I ask is because I see the same IP address from a weeks ago come up again and again. So to me this is someone who is coming back to my box and messing with it. Can I find out who this person is? Can I mask myself so they cannot see me? Can I send his computer a power surge so it catches on fire and burns his house down?

Thanks

Last edited by waffe; 01-10-2004 at 07:21 PM.
 
01-10-2004, 07:36 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,725
Blog Entries: 54

Rep: Reputation: 2970
The first thing to realise is the most common cause for this type of message is bad network conditions, not malicious activity. Then realise the kernel ALREADY dropped the bad packet before you see the logged message, so the packet wasn't used, no harm done.

If you want to investigate, you'll need to find out if you or anything on your LAN has dealings with this IP address, like if you try to access services over there, or if you provide services or play games. Easiest way would be to set up your firewall with full in/outbound logging using LOG target rules and take it from there.
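
Added example, not part of the thread and not the kernel's own code: ICMP carries the RFC 1071 Internet checksum, and this sketch shows the receiver-side check that the log message reports as failed, including how a single bit damaged in transit is enough to trip it. The function names and the sample packet are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"              # pad odd-length input with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:               # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request (type 8, code 0) carrying a valid checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)   # checksum field zeroed
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def icmp_checksum_ok(message: bytes) -> bool:
    """Receiver check: summing the message with its checksum field must give 0."""
    return len(message) >= 8 and internet_checksum(message) == 0

def flip_bit(message: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate damage in transit (bad cable, flaky NIC) by flipping one bit."""
    damaged = bytearray(message)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)

# Constructed sample data, not captured traffic.
GOOD = build_icmp_echo(0x1234, 1, b"constructed sample payload")
DAMAGED = flip_bit(GOOD, 12, 0)

if __name__ == "__main__":
    for name, msg in (("intact", GOOD), ("one bit flipped", DAMAGED)):
        verdict = "accept" if icmp_checksum_ok(msg) else "drop and log failed checksum"
        print(f"{name}: {verdict}")
```
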
 
  

