From: Roman Neuhauser
To: Hasse Hansson
Cc: FreeBSD Questions
Date: Mon, 15 Sep 2003 14:02:12 +0200
Subject: Re: Need help to interp kernel log message.
Message-ID: <20030915120212.GC2511@freepuppy.bellavista.cz>
In-Reply-To: <200309151217.02016.webmaster@swedehost.com>

# webmaster@swedehost.com / 2003-09-15 12:17:01 +0200:
> On Saturday 13 September 2003 03.24, Roman Neuhauser wrote:
> > # webmaster@swedehost.com / 2003-09-12 05:37:17 +0200:
> > > I've got a message in my logfiles that I don't understand.
> > > The ip-addresses are none that I'm to my knowing are associated
> > > with. Wonder what it is or if it's anything to worry about.
> > >
> > > odin.swedehost.com kernel log messages:
> > > > icmp redirect from 65.104.98.146: 204.152.184.189 =>
> > > > 65.104.98.145
> > >
> > > Checking up on the above Ip-addresses don't ring any bells either.
> >
> > Looks like your machine was sending traffic to 204.152.184.189,
> > and an intermediate host at 65.104.98.146 sent an ICMP redirect
> > message telling it to send them to 65.104.98.145 instead. See RFC
> > 792.
> >
> > As for security concerns: any packet might have the source
> > address spoofed, and obeying ICMP type 5 messages in a hostile
> > environment (like the internet) means you're giving your network
> > traffic out for public consumption.
>
> Thx for your answer.
> In my rc.conf file, I do have
> icmp_drop_redirect="YES"
> icmp_log_redirect="YES"
> but I guess that's not enough.
> Probably have to block in my firewall.

what makes you think so? did the box really change the route?

-- 
If you cc me or remove the list(s) completely I'll most likely
ignore your message.    see http://www.eyrie.org./~eagle/faqs/questions.html
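
One way to answer the closing question (did the box really change the route?), added here as an example and not part of the original message: compare the logged redirects against routes that netstat flags as D (created by a redirect) or M (modified by a redirect). The syslog prefixes, the second log line and the routing table are constructed samples; check_redirects is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. On the live FreeBSD box the inputs would come from:
#   sysctl net.inet.icmp.drop_redirect   (1 = redirects are dropped)
#   netstat -rn -f inet                  (routing table, parsed below)

# Redirect text from the thread plus one constructed entry (198.51.100.7);
# the syslog prefixes are constructed.
sample_log() {
cat <<'EOF'
Sep 12 05:01:10 odin /kernel: icmp redirect from 65.104.98.146: 204.152.184.189 => 65.104.98.145
Sep 12 05:03:42 odin /kernel: icmp redirect from 10.0.0.1: 198.51.100.7 => 10.0.0.66
EOF
}

# Constructed `netstat -rn -f inet` output. Per netstat(1), flag D marks a
# route created by a redirect and M a route modified by a redirect.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0     1234   fxp0
10.0.0.0/24        link#1             UC          0        0   fxp0
198.51.100.7       10.0.0.66          UGHD        0       12   fxp0
EOF
}

# check_redirects LOGFILE ROUTEFILE
# For each logged redirect, print "<destination> <new-gateway> APPLIED" when a
# D/M route to that destination via that gateway exists, else "not-applied".
check_redirects() {
    awk '
        NR == FNR {                          # first file: routing table
            if (NF >= 3 && $1 != "Destination" && $3 ~ /[DM]/) gw[$1] = $2
            next
        }
        /icmp redirect from/ {               # second file: kernel log
            for (i = 2; i < NF; i++)
                if ($i == "=>") { dst = $(i - 1); new = $(i + 1) }
            print dst, new, (((dst in gw) && gw[dst] == new) ? "APPLIED" : "not-applied")
        }
    ' "$2" "$1"
}

tmp=$(mktemp -d)
sample_log > "$tmp/log"; sample_routes > "$tmp/routes"
check_redirects "$tmp/log" "$tmp/routes"
rm -rf "$tmp"
```

With icmp_drop_redirect="YES" in effect, every logged redirect should come back as not-applied; an APPLIED line means the host accepted a redirect and is worth investigating.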