weird packets


 



	I am getting entries like the following in my firewall logs. They
appear to be generated by DNS requests to the name servers I use:


Sep 26 13:26:06 box kernel: Invalid State Packet IN=eth0 OUT=
MAC=00:d0:b7:b0:09:c9:08:00:20:a0:2a:da:08:00 SRC=10.206.123.3 DST=10.206.123.25 LEN=85
TOS=0x00 PREC=0x00 TTL=255 ID=60534 DF PROTO=UDP SPT=6 DPT=27036 LEN=65

Notice that the source port is 6. However, a tcpdump shows the following
packets arriving at that time.

13:26:06.240611 10.206.123.3.53 > 10.206.123.25.27037:  38007 ServFail
0/0/0 (45) (DF)
13:26:06.338146 10.206.123.3.53 > 10.206.123.25.27036:  966 ServFail 0/0/0
(57)(DF)
13:26:06.338325 10.206.123.3.53 > 10.206.123.25.27036:  966 ServFail 0/0/0
(57)(DF)
13:26:06.338480 10.206.123.3.53 > 10.206.123.25.27036:  966 ServFail 0/0/0
(57)(DF)
13:26:06.338655 10.206.123.3.53 > 10.206.123.25.27036:  966 ServFail 0/0/0
(57)(DF)

	There is no port 6 there... and I certainly did not send any
packets to that port.

	Any ideas why this is generated?

	Best regards,

--
=============================================================================

Dimitris Zilaskos

Department of Physics @ Aristotle University of Thessaloniki, Greece
PGP key : http://tassadar.physics.auth.gr/~dzila/pgp_public_key.asc
          http://egnatia.ee.auth.gr/~dzila/pgp_public_key.asc
MD5sum  : 4f84f3f53cb046008b4abcb2a092d28d  pgp_public_key.asc
=============================================================================


