[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
can anyone explain this ipfilter log entry?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: can anyone explain this ipfilter log entry?
- From: "Roger W. Williams" <spiffer_(_at_)_eclipse_(_dot_)_net>
- Date: Fri, 22 Dec 2000 16:10:38 -0500
I was wondering if anyone out there might be able to explain this IPFilter log
entry that is continually occuring on my firewall. I noticed it yesterday when
I edited my rule set. It was apparently getting through before that time. It
is just a home network that this packet filter is in front of, so I'm running
Userland PPP on the tun0 interface.
I'm getting hit by this IP at least 1 time per second. It didn't bother me
much yesterday as after I edited my ruleset I disconnected from the net and
then reconnected, and it seemed that the hits stopped. Then today I noticed
they have started again, and I have a different IP today, so I'm wondering if
this guy isn't spamming the entire network. Below is a line from my logs.
I have found out that the protocol is Encapsulated Security Protocol, and I
believe it has something to do with IPSec, but I don't have that enabled on
this system. If anyone has any ideas of what this is, or questions, please
feel free to ask.
Dec 22 15:58:31 <my hostname> ipmon: 15:58:30.331950 tun0 @100:21
b 220.127.116.11 -> <my dynamic ip> PR esp len 20 (128) IN
Thanks in advance,
Roger W. Williams http://www.eclipse.net/~spiffer ICQ 973589