LinuxQuestions.org
Old 02-23-2004, 08:56 AM   #1
peppiv
LQ Newbie
 
Registered: Sep 2003
Location: Orlando
Distribution: Red Hat 7.3
Posts: 10

Rep: Reputation: 0
What exactly does the !H routing flag mean?


I'm not a big network guy, so please bear with my ignorance.

We've had some DNS issues recently (not sure if it's not resolving through Sprint DNS servers) and in watching netstat -rn lately, I've noticed quite a few entries that are listed with the !H flag. I've looked up all the info I could find but I'm not really sure what is meant. I know it means reject as Host, but why are these entries being added? Looks something like this:

Destination Gateway Genmask Flags MSS Window irtt iface
205.188.156.249 0.0.0.0 255.255.255.255 !H - - - -
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

After a week or so, I get several of these different IPs listed here (I know what's loopback and the gateway's not listed). I usually delete the foreign addresses. Can anyone tell me why they're even created here in the first place?

TIA,

peppiv
 
Old 02-23-2004, 12:37 PM   #2
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
peppiv,

My guess would be that you are running some sort of active Network Intrusion system. It's adding a null route for hosts it thinks are bad. Any ideas on what you are running? What is your firewall system?

Good Luck,
chris
 
Old 02-23-2004, 12:44 PM   #3
peppiv
LQ Newbie
 
Registered: Sep 2003
Location: Orlando
Distribution: Red Hat 7.3
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks for the look.

I am running PortSentry. But I didn't think it puts the hosts in the router table. I thought it put them in the host.deny file. I could easily be wrong.

We're running RH 7.3 and only using its own GUI firewall protection (set to high). I'd really like to rewrite the iptables and make them more strict. Just haven't had time. We do have a router in front that has its own rules as to what protocols/ports pass through.

The host.deny file is quite large compared to the few outside IPs that get put in the router table. Does it get flushed after a certain time?

Last edited by peppiv; 02-23-2004 at 12:45 PM.
 
Old 02-23-2004, 12:56 PM   #4
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
I'm not familiar w/ portsentry. It could be doing both. You probably want to delve into the documentation, unless someone here is more helpful. The problem with host.deny is that not every application uses it.

Good Luck,
chris
 
Old 02-23-2004, 01:10 PM   #5
peppiv
LQ Newbie
 
Registered: Sep 2003
Location: Orlando
Distribution: Red Hat 7.3
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks for the help.

PortSentry's a great little packet sniffer designed to block computers from scanning your ports and subsequently your system. I've always loved using it. Unfortunately, Cisco bought it up and I'm not sure why. Either to get this great and free product out of people's minds so they can buy Cisco products, or to study it and learn how to integrate some of its strengths into their own stuff.

Do you know if the ip router table gets flushed on its own? I know the command to flush it, but I didn't know if it is scheduled to do it on its own.
 
Old 02-23-2004, 01:27 PM   #6
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
AFAIK, routes aren't automatically aged by the kernel or any userland program. Perhaps portsentry is doing it on its own. Also, anytime an interface goes down, it loses its routes. So they will disappear when you reboot. I would look into getting portsentry to use iptables instead of the routing table. My route man page is telling me not to use this feature for firewalling. Go figure.

Have fun,
chris
 
Old 02-23-2004, 03:31 PM   #7
peppiv
LQ Newbie
 
Registered: Sep 2003
Location: Orlando
Distribution: Red Hat 7.3
Posts: 10

Original Poster
Rep: Reputation: 0
You were right. I did go through the portsentry files and found that it puts them in the routing tables.

Hmmm. Makes me wonder how effective it really is.

Thanks.
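
Added example (not part of the thread, and not PortSentry's own code): a shell audit that picks the !H reject host routes discussed above out of netstat -rn output and lists hosts.deny addresses that have no matching reject route. The routing table and hosts.deny content are constructed samples, the "ALL: <ip>" deny-line format is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; all sample data below is constructed for illustration.

sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
205.188.156.249 0.0.0.0         255.255.255.255 !H      -   -       -    -
192.0.2.77      0.0.0.0         255.255.255.255 !H      -   -       -    -
192.168.1.0     0.0.0.0         255.255.255.0   U       0   0       0    eth0
127.0.0.0       0.0.0.0         255.0.0.0       U       0   0       0    lo
0.0.0.0         192.168.1.1     0.0.0.0         UG      0   0       0    eth0
EOF
}

sample_hosts_deny() {
cat <<'EOF'
# constructed entries; the "ALL: <ip>" line format is assumed
ALL: 205.188.156.249
ALL: 198.51.100.23
ALL: 203.0.113.9
EOF
}

# stdin: routing table text. stdout: destinations whose Flags column
# (field 4) contains both '!' (reject) and 'H' (host route).
reject_hosts() {
    awk '$1 ~ /^[0-9]+\./ && $4 ~ /!/ && $4 ~ /H/ { print $1 }' | sort -u
}

# stdin: hosts.deny text. stdout: addresses taken from "ALL: <ip>" lines.
denied_hosts() {
    awk -F'[: ]+' '$1 == "ALL" && $2 ~ /^[0-9]+\./ { print $2 }' | sort -u
}

# $1 = routing table text, $2 = hosts.deny text.
# Prints denied addresses that currently have no reject host route.
deny_without_route() {
    routes=$(printf '%s\n' "$1" | reject_hosts)
    printf '%s\n' "$2" | denied_hosts | while read -r ip; do
        printf '%s\n' "$routes" | grep -qxF "$ip" || echo "$ip"
    done
}

echo "Reject host routes:"
sample_routes | reject_hosts
echo "In hosts.deny but not null-routed:"
deny_without_route "$(sample_routes)" "$(sample_hosts_deny)"
```

On a live system, feed the real data in place of the samples, for example netstat -rn | reject_hosts.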
 
  

