|
I am getting some disturbing packet traffic hitting my firewall. Here goes:
IN=eth4 OUT=eth5 SRC="" DST=24.57.108.11 LEN=76 TOS=0x00 PREC=0xC0 TTL=25 4 ID=17431 PROTO=ICMP TYPE=3 CODE=3 [SRC="" DST=24.87.243.251 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=15860 DF PROTO=TCP SPT= 3161 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ]
None of the addresses listed in the packets are from my networks, but what is more disturbing is that eth4 is my internal network interface. Can anyone see (baring an internal intrusion has occurred) how this can happen?
It definitely appears to be an exploit on my configuration or something.
|
