14 May
2010
14 May
'10
1:40 p.m.
@Simon, that's someone who ipspoofing your network with reserved numbers. On your firewall, setup a rule to block all reserved subnets because these are not routable. I'm out of here, that was my final response to the list for while. Asanteni. :-) On Fri, May 14, 2010 at 12:54 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,
While looking at my /var/log/messages, I came across this line which caught my eye: May 14 11:01:27 my-host.my.domain kernel: LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=20868 DF PRO<7>BANDWIDTH_OUT:IN=eth1 OUT=eth0 SRC=10.230.0.63 DST=10.230.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=51910 PROTO=UDP SPT=137 DPT=137 LEN=58