Tim wrote:
Ok, thanks, I have wondered about those high numbered ports to the ISP's address, I sometimes have several reported.

On Wed, 2007-05-16 at 07:55 -0400, Bob Goodwin - W2BOD wrote:

I get something similar to this in logged daily but do not understand its significance. Obviously iptables is responding to these but what is it doing with them? I don't see a threat there.

--------------------- iptables firewall Begin ------------------------
Logged 13 packets on interface eth0
From 192.168.1.22 - 2 packets to igmp(0)    # Two dhcp computers on my LAN
From 192.168.1.24 - 4 packets to igmp(0)
From 216.126.204.45 - 7 packets to tcp(59993)    # The ISP's server for mail/browsing
---------------------- iptables firewall End -------------------------

Any explanation appreciated.

IGMP is part of managing networks. Explaining it isn't easy to do simply, but if it's from PCs that you trust, don't worry about it. See: <http://en.wikipedia.org/wiki/IGMP>.

The high numbered one may simply be the port that your end used while getting your mail (you connect from a random port outside of the reserved ports to one of the usual reserved ports for that service). The logging may be because there was some delay, and the connect was after the period the system expected it to be completed within. Alternatively, it could be logging everything, even things it doesn't consider to be worrisome. We couldn't tell without seeing more logging showing what else was going on at the time.

We use this stuff every day and there is so much I don't know about the workings of it! I know the IGMP requests come from the Windows and Mac computers on my network. I guess it's part of a networking scheme ... Seems like I should be able to turn it off at those computers but it would be a "science project" for me and I guess it doesn't hurt.

Bob Goodwin
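An added example, not part of the original thread: a small Python parser for the firewall summary quoted above that applies the triage reasoning from the replies (IGMP from LAN hosts, TCP to a port outside the reserved range). The function names and labels are hypothetical, and the 0-1023 cutoff for reserved ports is the assumption used.

```python
import ipaddress
import re

# Summary section taken from the report quoted in the thread.
SAMPLE = """\
Logged 13 packets on interface eth0
From 192.168.1.22 - 2 packets to igmp(0)
From 192.168.1.24 - 4 packets to igmp(0)
From 216.126.204.45 - 7 packets to tcp(59993)
"""

# Matches lines of the form "From <ip> - <n> packets to <proto>(<port>)".
ENTRY = re.compile(r"From\s+(\S+)\s+-\s+(\d+)\s+packets?\s+to\s+(\w+)\((\d+)\)")


def parse(report):
    """Yield (source address, packet count, protocol, port) per entry."""
    for m in ENTRY.finditer(report):
        yield (ipaddress.ip_address(m.group(1)), int(m.group(2)),
               m.group(3).lower(), int(m.group(4)))


def classify(src, proto, port):
    """Return a hypothetical triage label for one summary entry."""
    if proto == "igmp":
        # Group-membership traffic; expected from hosts on the local network.
        return "igmp-from-lan" if src.is_private else "igmp-from-outside"
    if proto in ("tcp", "udp") and port > 1023:
        # Destination is outside the reserved range, so it is most likely
        # the client-side port of a connection this machine opened itself.
        return "reply-to-client-port"
    # Unsolicited traffic aimed at a service port deserves a closer look.
    return "to-reserved-port"


def summarize(report):
    """Return (source, count, label) tuples for every entry in the report."""
    return [(str(src), count, classify(src, proto, port))
            for src, count, proto, port in parse(report)]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

The labels are hints for sorting a daily report, and confirming any one entry still needs the full kernel log lines from the same time window.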