The firewall is 200.21.1.254, on a private net.
Sep 24 11:57:03 firewall kernel: IN=eth0 OUT= MAC=00:40:05:3d:51:e9:00:50:3e:ed:28:a0:08:00 SRC=200.175.75.101 DST=200.2
1.1.254 LEN=56 TOS=0x00 PREC=0x00 TTL=43 ID=10814 PROTO=ICMP TYPE=3 CODE=3 [SRC=200.21.1.254 DST=200.175.75.101 LEN=48 T
OS=0x00 PREC=0x00 TTL=102 ID=2554 DF PROTO=TCP INCOMPLETE [8 bytes] ]
it *almost* looks like my box is sending an ICMP query, and getting a "port closed" response. The thing that bothers me about this is that I don't allow ICMP to talk on the box at all, so I shouldn't be sending ICMP, or if the machine tries to, I should be getting it logged, as I'm logging all of my drops.
Confused. -- Eric Ellis Gilchrist County Sheriff's Department IT Coordinator eellis@xxxxxxxxxxxxxxxxxxxxxxx 352-463-3181
