LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 03-29-2009, 02:30 PM   #1
acummings
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 615

Rep: Reputation: 49
excess of Invalid packet in dmesg | firewall kernel 2.6.28.8 slackware 12.2


Hi,

For a long time now, I have

biff n

in my .bashrc

It didn't do this (Invalid packet) with the Slack 12.2 generic-smp kernel (began only when switched to using 2.6.28.8)

Slackware 12.2 running 2.6.28.8 that I compiled/built on this Slack 12.2

Code:
Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=67.228.180.66 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41995 DF PROTO=TCP SPT=80 DPT=38518 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=67.228.180.66 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41996 DF PROTO=TCP SPT=80 DPT=38520 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=74.86.135.170 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41997 DF PROTO=TCP SPT=80 DPT=47734 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=74.86.135.174 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41999 DF PROTO=TCP SPT=80 DPT=40579 WINDOW=0 RES=0x00 ACK RST URGP=0
That list continually grows due to each and every web site browsed with firefox adds another onto that list.

It appears to me to be a wrong report and not actual invalid packet(s).

I'm running dnsmasq on this box with its config set for this box benefits from dnsmasq (no nat, no masquerade).

But, there's no changes other than the kernel 2.6.28.8 instead of the kernel that shipped with Slack 12.2

Anyone run into this with the 2.6.28.8 kernel or otherwise have a clue what the cause might be?

--
Alan.
 
Old 03-31-2009, 01:56 AM   #2
janhe
Member
 
Registered: Jul 2007
Location: Belgium
Distribution: slackware64 13.1, slackware 13.1
Posts: 369

Rep: Reputation: 45
try the first response from this one:

http://letmegooglethatforyou.com/?q=ack+rst

Not that I accuse you of not trying to google (you would have to know which keywords to use), I just wanted to link that website ;-)

ACK and RST are flags that are set in the header of the TCP segment. In a statfull firewall these flags are used to determine which packets belong to a connection and which ones don't. Packets which don't belong to a connection are dropped and, in your case, logged.

So these packets aren't especially bogus, but they aren't especially valid.

Last edited by janhe; 03-31-2009 at 01:58 AM. Reason: better wording
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
dmesg Invalid packet / INPUT packet died flood H_TeXMeX_H Slackware 5 11-12-2007 02:52 PM
dmesg Invalid packet H_TeXMeX_H Slackware 4 03-13-2007 12:07 PM
Kernel confusion on SMP system--get rid of excess RPMs? JMCraig Linux - Newbie 5 02-25-2006 09:44 AM
Bogus packet displayed in dmesg zulfilee Linux - Networking 0 06-23-2004 08:52 AM
Firewall and dmesg Half_Elf Linux - Security 1 05-13-2002 01:20 AM


All times are GMT -5. The time now is 05:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration