On Sun 29/02/2004 at 10:17, Bo Jacobsen wrote:
> What is the following log info. It looks like some kind of combined
> ICMP and DNS ?
> Feb 29 10:02:03 WFx-SH kernel:
> DROP-OUT:IN= OUT=eth0 SRC=192.168.1.2 DST=212.54.64.171
> LEN=198 TOS=0x00 PREC=0xC0 TTL=64 ID=30626
> PROTO=ICMP TYPE=3 CODE=3 [SRC=212.54.64.171 DST=192.168.1.2 LEN=170
> TOS=0x00 PREC=0x40 TTL=59 ID=53582
> PROTO=UDP SPT=53 DPT=59554
> LEN=150 ]

To complete Antony's answer...

This is an ICMP port unreachable sent by 192.168.1.2 to 212.54.64.171
about what looks like a DNS answer (sport=UDP/53).

This usually happens on loaded links. The answer is delayed to the point
that the client has already closed its socket when it arrives. So the
client sends back an ICMP port unreachable.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
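The log entry discussed above, read programmatically: an added example, not part of the original message, that separates the outer ICMP header from the bracketed header of the packet the ICMP error quotes and labels the case described in the reply. The function names and result labels are hypothetical; the sample is the quoted log entry joined onto one line.

```python
import re

# Constructed sample: the log entry quoted in the message, joined onto one line.
SAMPLE = ("Feb 29 10:02:03 WFx-SH kernel: DROP-OUT:IN= OUT=eth0 "
          "SRC=192.168.1.2 DST=212.54.64.171 LEN=198 TOS=0x00 PREC=0xC0 TTL=64 "
          "ID=30626 PROTO=ICMP TYPE=3 CODE=3 [SRC=212.54.64.171 DST=192.168.1.2 "
          "LEN=170 TOS=0x00 PREC=0x40 TTL=59 ID=53582 PROTO=UDP SPT=53 DPT=59554 "
          "LEN=150 ]")

KV = re.compile(r"(\w+)=(\S*)")

def fields(text):
    """KEY=value pairs of one header; first occurrence wins (LEN repeats for UDP)."""
    out = {}
    for key, value in KV.findall(text):
        out.setdefault(key, value)
    return out

def parse_log_line(line):
    """Return (outer, inner): the logged packet and the packet quoted in [...]."""
    m = re.search(r"\[(.*)\]", line)
    inner = fields(m.group(1)) if m else None
    outer = fields(line[:m.start()] if m else line)
    return outer, inner

def classify(line):
    """Label an entry the way the reply reads it (labels are hypothetical)."""
    outer, inner = parse_log_line(line)
    if outer.get("PROTO") != "ICMP" or inner is None:
        return "not an ICMP error"
    if (outer.get("TYPE"), outer.get("CODE")) != ("3", "3"):
        return "other ICMP error"
    # An ICMP error goes back to the sender of the offending packet,
    # so the outer and inner address pairs must mirror each other.
    if (outer.get("SRC"), outer.get("DST")) != (inner.get("DST"), inner.get("SRC")):
        return "port unreachable, addresses do not mirror"
    if inner.get("PROTO") == "UDP" and inner.get("SPT") == "53":
        return "port unreachable for a late DNS reply"
    return "port unreachable"

if __name__ == "__main__":
    print(classify(SAMPLE))
```
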