
can anyone explain this ipfilter log entry?

Hello all,

I was wondering if anyone out there might be able to explain this IPFilter log
entry that is continually occurring on my firewall.  I noticed it yesterday when
I edited my rule set.  It was apparently getting through before that time.  It
is just a home network that this packet filter is in front of, so I'm running 
Userland PPP on the tun0 interface.  

I'm getting hit by this IP at least 1 time per second.  It didn't bother me 
much yesterday as after I edited my ruleset I disconnected from the net and 
then reconnected, and it seemed that the hits stopped.  Then today I noticed 
they have started again, and I have a different IP today, so I'm wondering if 
this guy isn't spamming the entire network.  Below is a line from my logs.  

I have found out that the protocol is Encapsulated Security Protocol, and I 
believe it has something to do with IPSec, but I don't have that enabled on 
this system.  If anyone has any ideas of what this is, or questions, please 
feel free to ask.

Dec 22 15:58:31 <my hostname> ipmon[8273]:  15:58:30.331950   tun0 @100:21
b -> <my dynamic ip>  PR esp len 20 (128) IN

Thanks in advance,

 Roger W. Williams    http://www.eclipse.net/~spiffer    ICQ 973589   
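
Added example, not part of the original post: a small Python parser for ipmon entries shaped like the one quoted above, which tallies blocked inbound packets per source and protocol along with the peak per-second rate. The field layout is inferred from that entry, and the hostname and addresses in the sample lines are constructed.

```python
import re
from collections import Counter

# Layout assumed from the quoted entry:
#   time iface @group:rule action src -> dst PR proto len hdrlen (pktlen) IN|OUT
IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+(?P<time>\d\d:\d\d:\d\d)\.\d+\s+"
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hdrlen>\d+)\s+\(?(?P<pktlen>\d+)\)?.*?\b(?P<dir>IN|OUT)\b"
)
ACTIONS = {"b": "blocked", "p": "passed"}  # other letters are kept as-is

def parse_line(line):
    """Split one ipmon syslog line into named fields, or return None."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "hdrlen", "pktlen"):
        rec[key] = int(rec[key])  # hdrlen = IP header bytes, pktlen = whole packet
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    return rec

def blocked_inbound_rates(lines):
    """Return {(src, proto): (total_hits, peak_hits_in_one_second)}."""
    per_second = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "blocked" and rec["dir"] == "IN":
            per_second[(rec["src"], rec["proto"], rec["time"])] += 1
    rates = {}
    for (src, proto, _second), hits in per_second.items():
        total, peak = rates.get((src, proto), (0, 0))
        rates[(src, proto)] = (total + hits, max(peak, hits))
    return rates

# Constructed sample lines (documentation addresses, hypothetical host "fw").
SAMPLE = [
    "Dec 22 15:58:30 fw ipmon[8273]:  15:58:30.331950   tun0 @100:21 b 192.0.2.10 -> 198.51.100.7 PR esp len 20 (128) IN",
    "Dec 22 15:58:31 fw ipmon[8273]:  15:58:30.871204   tun0 @100:21 b 192.0.2.10 -> 198.51.100.7 PR esp len 20 (128) IN",
    "Dec 22 15:58:31 fw ipmon[8273]:  15:58:31.402118   tun0 @100:21 b 192.0.2.10 -> 198.51.100.7 PR esp len 20 (128) IN",
    "Dec 22 15:58:32 fw ipmon[8273]:  15:58:31.900001   tun0 @0:3 p 198.51.100.7,1025 -> 192.0.2.53,53 PR udp len 20 (60) OUT",
]

if __name__ == "__main__":
    for (src, proto), (total, peak) in blocked_inbound_rates(SAMPLE).items():
        print(f"{src} {proto}: {total} blocked, peak {peak}/s")
```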
