LinuxQuestions.org


acummings 03-29-2009 02:30 PM

excess of Invalid packet in dmesg | firewall kernel 2.6.28.8 slackware 12.2
 
Hi,

For a long time now, I have

biff n

in my .bashrc

It didn't do this (Invalid packet) with the Slack 12.2 generic-smp kernel (began only when switched to using 2.6.28.8)

Slackware 12.2 running 2.6.28.8 that I compiled/built on this Slack 12.2

Code:

Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=67.228.180.66 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41995 DF PROTO=TCP SPT=80 DPT=38518 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=67.228.180.66 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41996 DF PROTO=TCP SPT=80 DPT=38520 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=74.86.135.170 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41997 DF PROTO=TCP SPT=80 DPT=47734 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<my_mac_snipped> SRC=74.86.135.174 DST=<my_ip_snipped> LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41999 DF PROTO=TCP SPT=80 DPT=40579 WINDOW=0 RES=0x00 ACK RST URGP=0

That list continually grows because each and every web site browsed with Firefox adds another onto that list.

It appears to me to be a wrong report and not actual invalid packet(s).

I'm running dnsmasq on this box, with its config set so that this box benefits from dnsmasq (no nat, no masquerade).

But there are no changes other than the kernel 2.6.28.8 instead of the kernel that shipped with Slack 12.2

Anyone run into this with the 2.6.28.8 kernel or otherwise have a clue what the cause might be?

--
Alan.

janhe 03-31-2009 01:56 AM

try the first response from this one:

http://letmegooglethatforyou.com/?q=ack+rst

Not that I accuse you of not trying to google (you would have to know which keywords to use), I just wanted to link that website ;-)

ACK and RST are flags that are set in the header of the TCP segment. In a stateful firewall these flags are used to determine which packets belong to a connection and which ones don't. Packets which don't belong to a connection are dropped and, in your case, logged.

So these packets aren't especially bogus, but they aren't especially valid.
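
The log format quoted in this thread, parsed and tallied by TCP flags, as an added example that is not part of the original posts: it groups the firewall's LOG lines by source, source port and flag set, so ACK RST replies from web servers can be counted apart from anything else the rule logs. The sample lines are constructed (documentation-range addresses) and the function names are made up for this example.

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG format quoted above
# (addresses are from the documentation ranges, not from the thread).
SAMPLE = """\
Invalid packet: IN=eth0 OUT= MAC=00:<snipped> SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41995 DF PROTO=TCP SPT=80 DPT=38518 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<snipped> SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41996 DF PROTO=TCP SPT=80 DPT=38520 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<snipped> SRC=192.0.2.20 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41997 DF PROTO=TCP SPT=80 DPT=47734 WINDOW=0 RES=0x00 ACK RST URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<snipped> SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1201 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Invalid packet: IN=eth0 OUT= MAC=00:<snipped> SRC=203.0.113.9 DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
"""

# Flag names as the kernel LOG target prints them, in its output order.
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields plus a FLAGS tuple, or None for non-TCP lines."""
    if "PROTO=TCP" not in line or "RES=" not in line:
        return None
    rec = dict(FIELD.findall(line))
    # The flags are the bare words between the RES= value and URGP=.
    words = line.split("RES=", 1)[1].split("URGP=", 1)[0].split()[1:]
    rec["FLAGS"] = tuple(f for f in TCP_FLAGS if f in words)
    return rec

def summarize(text):
    """Count logged TCP packets by (source address, source port, flags)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["SRC"], int(rec["SPT"]), rec["FLAGS"])] += 1
    return counts

def reset_replies(counts, port=80):
    """Total logged packets with RST set that came from the given remote port."""
    return sum(n for (_, spt, flags), n in counts.items()
               if spt == port and "RST" in flags)

if __name__ == "__main__":
    for (src, spt, flags), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {src}:{spt}  {' '.join(flags)}")
```

On a live system the same functions can be fed the output of `dmesg` instead of `SAMPLE`.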

