1

[other] Strange network traffic reported on /var/log/ufw.log

view story
linux-howto

http://ubuntuforums.org – As i wrote in the thread title, i noticed a strange network traffic reported in /var/log/ufw.log I use a NETGEAR DNG3300 that is configured to block all the incoming connections. 192.168.0.103 is the computer's IP, 192.168.0.1 is the ruoter IP, 192.168.0.100 is the IP of an another pc in my home. UFW is configured to block all incoming connection, allowing only port 22 for SSH. I'm a networking noob, so can someone explain me what are those strange IPs? Code: Dec  6 20:40:41 raspberrypi kernel: [  45.768980] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:b6:23:ac:e0:46:9a:0a:7d:3 (Hardware)

xskl's picture
Submitted by xskl on 12/07/2012

Stories similar to [other] Strange network traffic reported on /var/log/ufw.log

I understand that somebody would want to block incoming traffic as a general rule except for public resources. And I also understand that you could want to block all outgoing traffic except for certain external services.

But is there any serious security risk if I allow incoming traffic that represents responses to previous outgoing traffic, e.g. HTTP requests?

I've recently noticed a large number of recurring UFW blocks in my syslog.

I have a router that is connected to the internet. To that router we connect via LAN and WAN. WAN settings are up, router user/pass, router access is secured with WPA/WPA-2. I want to make some computers, to be connected to the router (lan or wan) and will be protected from the outside world.

What is the best way doing so ?

I recently have been getting hit by an attack that is very small around 70MBPS but causes TONS of upload...All signs point to ICMP. I realized in my firewall I have CSF firewall running on CentOS, that I had no limit on my outgoing ICMP rate...Woops. :P

Anything else I should block? We are primarily game servers so obviously blocking all incoming ICMP traffic is a no no. Or is it?

Strange display of IP address 13 weeks 2 days ago

Hello! I have configured eth0:

Code: # ifconfig eth0 eth0      Link encap:Ethernet  HWaddr A3:21:B2:12:A1:C1            inet addr:192.168.1.221  Bcast:192.168.1.255  Mask:255.255.255.0           inet6 addr: fe80::2e76:8aff:fe56:3eec/64 Scope:Link           UP BROADCAST RUNNIN

On a whim, I decided to let wireshark do a few captures because I noticed some strange, quick spikes in network use when I first log in. Anyway, I almost immediately receive a TCP packet from 91.189.94.25 (seems to be based in the Netherlands.) It sends a FIN, ACK package to me on port 50398 and I send an ACK back to it on port 80.

I have an Ubuntu machine acting as a router/Stateful Firewall/NAT for my internet connection. It has a couple of ethernet ports and a wireless network for my home network (eth5, eth7, eth10 and wlan1). It is connected with a DSL modem in bridged mode giving it a connection to the internet called ppp0.

How to change default network connection if I have multiple network adaptors on Ubuntu 11.10?

Output of netstat -rn

Code: Kernel IP routing table Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface 0.0.0.0        10.0.0.1        0.0.0.0        U

Hi all.

First I would like to explain my scenario and requirement.

I have 3 gateways in my office. I want to redirect all web traffic

(port 80 and 443) through one gateway and ssh connections through other

one. All machines have single network interface. For this what I did

is created an ip alias et0:1 and assigned ip to it.