Doc, your box is running iptables, which plugs into the kernel, so the kernel sends the error messages. What are you using for the router? A distro of Linux with iptables and Snort? Hopefully yes, with your server in a DMZ to limit access from it to the internal network. By you saying it runs DNS, I'm guessing it is not cordoned off. The logs on your router/firewall will probably have more info. I would check that the webserver is up to date for all security updates and run chkrootkit on it if it is way out of date. Ask Brian Densmore about this.
Can you really shoot lasers and remove pain? Cool. Can you hook us up with something like Star Trek has? I just want to do a little target practice.
Brian Kelsay
docv <> 10/12/04 06:21PM >>>
No, Logwatch doesn't tell me where it came from. I am running HTTP, DNS and POP3 on that box. I did have an alert message from my router letting me know that an attack was unsuccessful from that IP address, inbound from WAN, but was concerned when I saw that this log message was coming from the kernel. I'm obviously not very knowledgeable about TCP/IP protocols but this old dog is still learning! ;-)
And to answer Dustin's question, no, that's not my clinic. As in my signature lines, my clinic is the Laser Pain Relief Center in downtown Lee's Summit (just opened it up 3 weeks ago).
Brian Kelsay wrote:
ICMP is a ping request. It just means that you are unable to get to that box. But, you want to know why your box is trying to hit it. Are you running the box as a webserver or any other type of server? Is this a ping from the outside or inside? Does Logwatch tell you this?
Brian Kelsay