[svlug] peculiar ipchains DENY

John Conover conover at inow.com
Mon Aug 7 13:06:01 PDT 2000


If anyone is constructing a VPN using pppd in a Linux box to slirp in
a shell account on a Unix box on the Internet, to construct an ssh
tunnel (which, as complicated as it sounds, is a very reliable
solution) for Internet connectivity for a LAN, slirp itself (for
mysterious reasons) attempts periodically to contact 0.0.0.0:65535 on
the LAN, which of course is logged by ipchains (it was found on a
routine security audit of a new machine).

FYI.

        John

BTW, slirp now lives on SourceForge, and is a way of constructing IP
masquerading (i.e., NAT) in the Internet host itself (since almost
no ISPs will do that, which is probably a viable service biz model for
small business clients, come to think of it. Sure cuts down on the
ipchains footprints of the script kiddies over DSL).

John Conover writes:
> 
> When hooked into the Internet via PPP, infrequently in syslog, I get:
> 
>     Aug 5 23:52:31 john kernel: Packet log: input DENY ppp0 PROTO=0 \
>     0.0.0.0:65535 0.0.0.0:65535 L=40 S=0x08 I=3300 F=0x0000 T=64 (#99)
> 
> Does anyone know where this is coming from?
> 
>       Thanks,
> 
>       John
> 
-- 

John Conover        Tel. 408.370.2688  conover at inow.com
631 Lamont Ct.      Cel. 408.772.7733
Campbell, CA 95008  Fax. 408.379.9602  http://www.johncon.com
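
The syslog entry quoted above, split into its fields and separated from ordinary denied traffic, as an added example that is not part of the original post. The function names and the second and third sample lines are constructed for illustration; the field meanings follow the packet-log format described in the IPCHAINS-HOWTO.

```python
import re

# ipchains "Packet log:" layout (per the IPCHAINS-HOWTO): chain, action,
# interface, PROTO, src ip:port, dst ip:port, L=length, S=TOS, I=IP id,
# F=fragment flags/offset, T=TTL, and optionally (#rule-number).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl")

def parse(line):
    """Return a dict of fields for an ipchains log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    return rec

def is_null_packet(rec):
    """True for the pattern in the post: PROTO=0 with both addresses 0.0.0.0."""
    return rec["proto"] == 0 and rec["src"] == rec["dst"] == "0.0.0.0"

def triage(lines):
    """Split ipchains entries into (null-address packets, everything else)."""
    null, other = [], []
    for rec in filter(None, map(parse, lines)):
        (null if is_null_packet(rec) else other).append(rec)
    return null, other

SAMPLE = [
    # Entry from the post, with the wrapped line joined.
    "Aug 5 23:52:31 john kernel: Packet log: input DENY ppp0 PROTO=0 "
    "0.0.0.0:65535 0.0.0.0:65535 L=40 S=0x08 I=3300 F=0x0000 T=64 (#99)",
    # Constructed: an ordinary denied TCP packet, documentation addresses.
    "Aug 5 23:53:02 john kernel: Packet log: input DENY ppp0 PROTO=6 "
    "192.0.2.10:4021 198.51.100.7:23 L=44 S=0x00 I=5120 F=0x4000 T=52 (#99)",
    # Constructed: unrelated syslog line that must be skipped.
    "Aug 5 23:53:10 john pppd[412]: rcvd [LCP EchoReq id=0x1]",
]

if __name__ == "__main__":
    null, other = triage(SAMPLE)
    for r in null:
        print(f"null-address packet on {r['iface']}: rule #{r['rule']}, L={r['length']}, T={r['ttl']}")
    print(f"{len(other)} other denied packet(s)")
```
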




