LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-19-2005, 01:20 PM   #1
Seventh
Member
 
Registered: Dec 2003
Location: Boston, MA
Distribution: Redhat / Debian
Posts: 269

Rep: Reputation: 30
Constant kernel spam in logfile


My /var/log/messages file is completely full of this:

Oct 19 11:45:09 localhost kernel: 129.83.81.206 sent an invalid ICMP type 11, code 0 error to a broadcast: 129.83.81.255 on eth0

What is this message, and how do I get rid of it? Thanks. =)
 
Old 10-19-2005, 08:18 PM   #2
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
Could be a result of some traceroute or other rubbish that computer is sending to yours. http://www.linuxquestions.org/questions/history/361429

What distro are you using? To run off logging you need to find how iptables is being setup. If its just an iptables script somewhere see http://www.linuxforum.com/forums/ind...owtopic=157505
 
Old 10-20-2005, 02:50 AM   #3
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 52
yea it looks like you ISP is pinging you (i'm not that sure about that) and this is your machines response

The MITRE Corporation
is the recipient anyway

make sure you don't have any line like
$IPTABLES -A INPUT -p icmp -j ACCEPT
in your firewall before the drop and it shuld go away
 
Old 10-20-2005, 06:59 AM   #4
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 55
I would more think that his machine (or someone from the same subnet) is sending a IP datagram with TTL 1 to this IP (traceroute or anykind of ip traffic).

Looking at icmp.c, it says do not violate rfc 1122.

Maybe this:

An ICMP error message MUST NOT be sent as the result of
receiving:

* a datagram whose source address does not define a single
host -- e.g., a zero address, a loopback address, a
broadcast address, a multicast address, or a Class E
address.


So first,
CHECK that the netmask is the same as the one of the machine sending you this.

If it is ok, then the remote machine "should" not send this (not following the RFC1122)

To disable further interpretation of this packets for your kernel, you need sysctl configured in your kernel and add net.ipv4.icmp_ignore_bogus_error_responses in sysctl.conf

Last edited by nx5000; 10-20-2005 at 07:21 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell scripting: Print output to logfile, error to logfile & screen stefanlasiewski Programming 18 05-22-2008 01:47 PM
procmail and spam -- do not send out of office auto replay to spam draix Linux - Software 0 12-30-2004 09:35 AM
constant kernel compile problem czarherr Slackware 4 03-27-2004 09:18 PM
I am looking for a LogFile Viewer dude4you Linux - Software 6 02-02-2004 05:09 PM
What other anti-spam for Linux that can be used, other than Spam assassin? johnportiz Linux - Software 6 01-27-2004 04:17 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration