Date: Wed, 25 Feb 2004 16:47:03 +0300 From: Andrew Riabtsev <resident@b-o.ru> To: Iasen Kostov <tbyte@OTEL.net> Cc: freebsd-net@freebsd.org Subject: Re[2]: Bad loopback traffic not stopped by ipfw. Message-ID: <10324604148.20040225164703@b-o.ru> In-Reply-To: <403C9705.3060108@OTEL.net> References: <200402242315.i1ONFbmZ028103@soth.ventu> <403C9705.3060108@OTEL.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Привет Iasen, Wednesday, February 25, 2004, 3:37:25 PM, you wrote: IK> netstat -s -p ip IK> . IK> . IK> . IK> 3575124 datagrams with bad address in header IK> Could it be this that drops "bad" packets before they enter the IPFW ? To me it would be also interesting to know where this traffic comes from. I have same on my local net: # tcpdump -neifxp0 src or dst 127.0.0.1 tcpdump: listening on fxp0 16:26:23.280737 0:50:fc:ed:d4:4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.141.148.1928: R 0:0(0) ack 1986723841 win 0 16:26:23.285831 0:d:61:e:3f:c3 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.213.167.1571: R 0:0(0) ack 812253185 win 0 16:26:23.287642 0:1:2:9c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0 16:26:23.297289 0:4:79:68:14:9c 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.214.208.1997: R 0:0(0) ack 1905917953 win 0 16:26:23.297555 0:c0:df:13:87:c4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.53.212.1836: R 0:0(0) ack 1137442817 win 0 dst mac-address is mac of fxp0 and src addresses is macs from local net not just nonexistent macs. It could be some kind of attack or it is flood from broken device in local net or maybe something else, i'll try to find it out. Let me know if You find out something new. Andrew mailto:resident@b-o.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?10324604148.20040225164703>