LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Help with firewall log
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-16-2008, 10:20 AM   #1
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 267

Rep: Reputation: 36
Help with firewall log

My log files have a continual stream of connection attempts identical to this. Server is behind a firewall, and is (of course) itself firewalled. Any idea what this is?




Nov 16 08:07:58 server1 kernel: Connection attempt (UNPRIV): IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:5e:0b:92:af:08:00 SRC=169.254.1.86 DST=255.255.255.255 LEN=611 TOS=0x00 PREC=0x00 TTL=64 ID=7117 PROTO=UDP SPT=21302 DPT=21302 LEN=591
 
Old 11-16-2008, 10:26 AM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
The source IP address is on link local address space.

My guess is there is a box on your network that is set up as a dhcp client. It is not getting an address issued by a dhcp server, so it gets assigned the address in 169.254/16 space that you see. Then it seems to be broadcasting packets to the whole subnet.

You might need to talk to your network staff and provide that information. They should be able to identify a switch / port where the traffic is coming from so that the offender can be pinpointed.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
firewall log rickh Fedora 1 06-23-2004 05:35 PM
firewall log question Tyir Linux - Security 3 02-15-2004 07:17 PM
firewall log parser tarballedtux Linux - Software 0 08-04-2003 09:04 PM
Firewall Log Half_Elf Linux - Security 10 09-24-2002 02:38 AM
analyzer for firewall.log ? saavik Linux - Security 1 11-26-2001 11:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:15 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration