On Tue, Feb 18, 2003 at 06:42:11PM +0200, Michael Lawford wrote:
> I have a RaQ550 server that runs iptables. The other day i logged in and
> got 1000+ of the following message from my server.
>
> This alert notification is to inform you of network activity occurring on
> your host.
>
> Timestamp: Tue 18 Feb 2003 12:05:54 PM SAST
> Alert Type: Port Scan Detected
> Interface: eth0
> Protocol: 3/3/icmp
> Packet Size (bytes): 99
>
> Source Address: (my IP here)
> Source port:
> Direction: outbound
> Destination Address: 196.7.0.138 (UUNet's main DNS server)
> Destination Port:
>
> Log Entry: eth0:portscan: 3/3/icmp (my IP here) -> 196.7.0.138
> 99 (22)
>
>
> And I keep getting these little error messages every 2 or 3 minutes... Now
> my network and UUNet guys tell me that it is IPTables that is trying to
> resolve to their main DNS server. They have checked the settings and all
> appears to be well so they think that it is a bug. If their is a fix /
> patch please let me know about it. I am tearing my hair out trying to fix
> it. Any advice would be appreciated.
ICMP type=3 code=3 means Destination Unreachable. Looks like UUNets DNS
server has some problems?!
Or do you DNAT inbound traffic to you LAN to some machine which is off
at the moment, so your kernel wants to tell this DNS server that it is
unreachable?!?
--
the three great virtues of a programmer:
laziness, impatience and hubris.
Lary Wall
