This is a discussion on Port 3 to Port 1; PROTO=1 within the Linux Security forums, part of the System Security and Security Related category.

I am getting these about every five seconds from a neighbor on my DSL
network. It is getting annoying. What is he doing? Thanks.

Jul 21 12:52:19 mybox kernel: Packet log: input DENY eth0 PROTO=1 T.H.E.M:3 x.M.E.x:1 L=56 S=0x00 I=2768 F=0x0000 T=255 (#24)

Bill

xasdfg123456@yahoo.com (xasdfg123456@yahoo.com) writes:
> I am getting these about every five seconds from a neighbor on my DSL
> network. It is getting annoying. What is he doing? Thanks.
>
> Jul 21 12:52:19 mybox kernel: Packet log: input DENY eth0 PROTO=1
> T.H.E.M:3 x.M.E.x:1 L=56 S=0x00 I=2768 F=0x0000 T=255 (#24)

proto 1 = ICMP.

3/1 is destination-unreachable
         network-unreachable
         host-unreachable <-- this one

So either he's spraying ICMP for no good reason, or you're asking for it every 5s. Are you masquerading a horde of evil windoze boxes, or something? (If you are, and they're broadcasting netbios on e.g. 135/udp, and he's firewalling it thinking "let's pretend to play dumb here", you could see this effect.)

~Tim
--
HACK THE PLANET! |piglet@stirfried.vegetable.org.uk
(Hackers, 1995)  |http://pig.sty.nu/Pictures/

On 21 Jul 2004 14:30:12 -0700, xasdfg123456@yahoo.com hath writ:
> I am getting these about every five seconds from a neighbor on my DSL
> network.

I'm confused here. AFAIK, my DSL 'pipe' is mine, and mine alone, until it gets to the DSLAM -- where it becomes a unique IP addy in the _global_ network.

So, explain to me about this "...neighbor on my DSL network."

Jonesy
--
| Marvin L Jones     | jonz       | W3DHJ  | linux
| Gunnison, Colorado | @          | Jonesy | OS/2 __
| 7,703' -- 2,345m   | config.com | DM68mn SK

Allodoxaphobia <NOSPAM_bit-bucket@config.com> wrote:
+---------------
| I'm confused here. AFAIK, my DSL 'pipe' is mine, and mine alone,
| until it gets to the DSLAM -- where it becomes a unique IP addy
| in the _global_ network.
|
| So, explain to me about this "...neighbor on my DSL network."
+---------------

Some DSL providers (the one I use, for example) use "bridged"
(rather than "routed") subnets for their leaf distribution,
so that Ethernet MAC-level broadcasts & unicasts *can* reach
your neighbors on your subnet (and vice-versa).

-Rob

-----
Rob Warnock <rpw3@rpw3.org>
627 26th Avenue <URL:http://rpw3.org/>
San Mateo, CA 94403 (650)572-2607

In article <ef216871.0407211330.32e6750f@posting.google.com>,
xasdfg123456@yahoo.com wrote:

>I am getting these about every five seconds from a neighbor on my DSL
>network. It is getting annoying. What is he doing? Thanks.
>
>Jul 21 12:52:19 mybox kernel: Packet log: input DENY eth0 PROTO=1
>T.H.E.M:3 x.M.E.x:1 L=56 S=0x00 I=2768 F=0x0000 T=255 (#24)
>
>Bill

[compton ~]$ grep -w 1 /etc/protocols
icmp 1 ICMP # internet control message protocol
[compton ~]$

0792 Internet Control Message Protocol. J. Postel. Sep-01-1981.
     (Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950)
     (Also STD0005) (Status: STANDARD)

http://www.ietf.org/rfc/rfc0792.txt
http://www.faqs.org/rfcs/rfc0792.html
http://www.rfc-editor.org/rfc/rfc0792.txt
http://www.ccd.bnl.gov/network/general/rfc0792.html
http://www.cis.ohio-state.edu/htbin/rfc/rfc0792.html

ICMP doesn't have 'ports', so what you see in the 'source port' is the type number, and the 'destination port' is the code number. Try about the third page, where it identifies this as a Type 3 Code 1 message:

Type  Code  Description
 3          Destination Unreachable (see below)
        0   Network unreachable
        1   Host unreachable
        2   Protocol unreachable
        3   Port unreachable
        4   Fragmentation needed, but don't fragment bit set
        5   Source route failed
        6   Destination network unknown
        7   Destination host unknown
        8   Source host isolated (obsolete)
        9   Destination network administratively prohibited (see RFC1812)
       10   Destination host administratively prohibited (see RFC1812)
       11   Network unreachable for TOS
       12   Host unreachable for TOS
       13   Communication administratively prohibited by filtering (RFC1812)
       14   Host precedence violation (RFC1812)
       15   Precedence cutoff in effect (RFC1812)

So - he's telling you to GO AWAY. Why are you bothering him?

HINT: /usr/sbin/tcpdump might give you a clue.

Old guy

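The decoding rule from the reply above (for PROTO=1 the logged "source port" is the ICMP type and the "destination port" is the code), as an added example that is not part of the original thread: a Python parser for this "Packet log" line format that also reports how often each sender's ICMP arrives. The sample addresses, the default year and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# ICMP type 3 (Destination Unreachable) codes 0-15, in the order the post lists them.
UNREACH = ["Network unreachable", "Host unreachable", "Protocol unreachable",
    "Port unreachable", "Fragmentation needed, but don't fragment bit set",
    "Source route failed", "Destination network unknown", "Destination host unknown",
    "Source host isolated (obsolete)", "Destination network administratively prohibited",
    "Destination host administratively prohibited", "Network unreachable for TOS",
    "Host unreachable for TOS", "Communication administratively prohibited by filtering",
    "Host precedence violation", "Precedence cutoff in effect"]

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<a>\d+) (?P<dst>[\d.]+):(?P<b>\d+) ")

def decode(line, year=2004):  # year is assumed: syslog timestamps carry none
    """Parse one 'Packet log' line into a dict; None if it is not such a line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    a, b = int(rec.pop("a")), int(rec.pop("b"))
    if rec["proto"] == "1":    # ICMP: the "ports" are really type and code
        rec["icmp_type"], rec["icmp_code"] = a, b
        code = UNREACH[b] if a == 3 and b < len(UNREACH) else f"code {b}"
        rec["meaning"] = ("Destination Unreachable: " if a == 3 else f"ICMP type {a}, ") + code
    else:                      # e.g. TCP or UDP: genuine port numbers
        rec["sport"], rec["dport"] = a, b
    return rec

def summarize(lines):
    """Map (source, ICMP type, code) -> (count, mean seconds between packets)."""
    seen = defaultdict(list)
    for rec in filter(None, map(decode, lines)):
        if "icmp_type" in rec:
            seen[rec["src"], rec["icmp_type"], rec["icmp_code"]].append(rec["ts"])
    return {k: (len(t), (max(t) - min(t)).total_seconds() / (len(t) - 1) if len(t) > 1 else None)
            for k, t in seen.items()}

# Constructed sample in the page's log format; addresses are documentation placeholders.
HEAD = "mybox kernel: Packet log: input DENY eth0 "
SAMPLE = [f"Jul 21 12:52:{s} {HEAD}PROTO=1 192.0.2.10:3 192.0.2.20:1 L=56 S=0x00 "
          f"I={2768 + i} F=0x0000 T=255 (#24)" for i, s in enumerate((19, 24, 29))]
SAMPLE.append(f"Jul 21 12:52:30 {HEAD}PROTO=6 192.0.2.30:4312 192.0.2.20:23 "
              "L=60 S=0x00 I=5121 F=0x4000 T=52 SYN (#24)")
print(summarize(SAMPLE))
```
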
On Wed, 21 Jul 2004 21:13:33 -0500, Rob Warnock hath writ:
> Allodoxaphobia <NOSPAM_bit-bucket@config.com> wrote:
> +---------------
>| I'm confused here. AFAIK, my DSL 'pipe' is mine, and mine alone,
>| until it gets to the DSLAM -- where it becomes a unique IP addy
>| in the _global_ network.
>|
>| So, explain to me about this "...neighbor on my DSL network."
> +---------------
>
> Some DSL providers (the one I use, for example) use "bridged"
> (rather than "routed") subnets for their leaf distribution,
> so that Ethernet MAC-level broadcasts & unicasts *can* reach
> your neighbors on your subnet (and vice-versa).

Rob, hmmmm... This is something I did _not_ know. I finally got to move to DSL back in January, and I did A LOT of research on it (and, more specifically, QWest DSL) before I went 'live' here. If I saw anything like that described, it went right by me.

Thanks for the reply!

Jonesy
--
| Marvin L Jones     | jonz       | W3DHJ  | linux
| Gunnison, Colorado | @          | Jonesy | OS/2 __
| 7,703' -- 2,345m   | config.com | DM68mn SK