[wplug] strange messages.
Alexandros Papadopoulos
apapadop at cmu.edu
Mon Sep 30 15:33:40 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 30 September 2002 14:45, harrold at sage.che.pitt.edu wrote:
> Sometime in September Alexandros Papadopoulos assaulted keyboard and
> produced...
>
> |> SRC=136.142.89.250
> |> DST=61.218.206.18
> |>
> |> OUT=eth0 SRC=136.142.89.250
> |> DST=218.16.125.85
>
> does it matter that neither of the ip addresses are from the computer
> running iptables or any of the computers it's doing nat for?
>
I assume you're referring to the destination IPs, since the source IPs may be
spoofed.
If the log comes from the NAT box, and neither 61.218.206.18 or 218.16.125.85
belong to it, these entries shouldn't be there. Is eth0 an internal or
external interface?
- -A
- --
http://www.andrew.cmu.edu/~apapadop/pub_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9mKcU/Fud6lI1bCIRApIsAJ93HDqQ9jBn7vqwrXh+hLPlmORpIQCgsNXF
kwXGkCPZ1ecLberzSxIGOvk=
=GCXC
-----END PGP SIGNATURE-----
More information about the wplug
mailing list