On Wed, 2007-05-16 at 07:55 -0400, Bob Goodwin - W2BOD wrote: > I get something similar to this in logged daily but do not understand > it's significance. > > Obviously iptables is responding to these but what is it doing with > them? I don't see a threat there. > > --------------------- iptables firewall Begin ------------------------ > > Logged 13 packets on interface eth0 > From 192.168.1.22 - 2 packets to igmp(0) # Two dhcp computers on my LAN > From 192.168.1.24 - 4 packets to igmp(0) > From 216.126.204.45 - 7 packets to tcp(59993) # The ISP's server for mail/browsing > > ---------------------- iptables firewall End ------------------------- > > Any explanation appreciated. IGMP is part of managing networks. Explaining it isn't easy to do simply, but if it's from PCs that you trust, don't worry about it. See: <http://en.wikipedia.org/wiki/IGMP>. The high numbered one may simply be the port that your end used while getting your mail (you connect from a random port outside of the reserved ports to one of the usual reserved ports for that service). The logging may be because there was some delay, and the connect was after the period the system expected it to be completed within. Alternatively, it could be logging everything, even things it doesn't consider to be worrysome. We couldn't tell without seeing more logging showing what else was going on at the time. -- (This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
