Date: Sat, 13 Sep 2003 03:24:30 +0200 From: Roman Neuhauser <neuhauser@bellavista.cz> To: Hasse Hansson <webmaster@swedehost.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Need help to interp kernel log message. Message-ID: <20030913012430.GE1498@freepuppy.bellavista.cz> In-Reply-To: <200309120537.17416.webmaster@swedehost.com> References: <200309120537.17416.webmaster@swedehost.com>
next in thread | previous in thread | raw e-mail | index | archive | help
# webmaster@swedehost.com / 2003-09-12 05:37:17 +0200:
> I 've got a message in my logfiles that I don't understand.
> The ip-addresses are none that I'm to my knowing are associated with.
> Wonder what it is or if it's anything to worry about.
>
> odin.swedehost.com kernel log messages:
> > icmp redirect from 65.104.98.146: 204.152.184.189 => 65.104.98.145
>
> Checking up on the above Ip-addresses don't ring any bells ider.
Looks like your machine was sending traffic to 204.152.184.189, and
an intermediate host at 65.104.98.146 sent an ICMP redirect message
telling it to send them to 65.104.98.145 instead. See RFC 792.
As for security concerns: any packet might have the source address
spoofed, and obeying ICMP type 5 messages in a hostile environment
(like the internet) means you're giving your network traffic out for
public consumption.
--
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030913012430.GE1498>