[AYUDA] Tal vez tenga un Intruso en la red
Gustavo Guillermo Perez
gustavo en compunauta.com
Mie Mayo 14 13:32:36 CDT 2008
Les comento algo raro que observo en el log de mi servidor, tengo un router en
la 3er red con la ip 192.168.3.254, el servidor tiene las direcciones IP
192.168.1.1 192.168.2.1 192.168.3.1, los tres cables de esas tarjetas de red
van a los mismos switchs no están físicamente separados,
http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/ifconfig.txt
el servicio DHCP provee direcciones ip a la red 1 y a una sola PC de la red 2
por medio del archivo dhcpd.conf.
http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/dhcpd.conf
El router es un 2wire de Telmez y en la red de area local detecta una PC sin
dirección ip asignada.
http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/Resumen_1210788317312.png
desactivé la red inalámbrica y el router no tiene DHCP activado.
La dirección mac del 2wire es la misma que aparece en el syslog
http://standards.ieee.org/regauth/oui/oui.txt
00-1B-5B (hex) 2Wire, Inc.
001B5B (base 16) 2Wire, Inc.
1704 Automation Parkway
San Jose CA 95131
UNITED STATES
Revisando las direcciones asignadas con la dirección MAC coincide con 2wire
http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/syslog.txt
Las direcciones IP de la red 3 no deberían existir más que la 192.168.3.3 que
es la que uso para entrar al router desde una PC con dos tarjetas de red.
Así que no creo que haya intrusos intentando usar el router, sino que el
router está enviando paquetes de algún tipo a la red interna, desactivando
dhcp detecto en una de las máquinas un paquete enviado por el 2wire
relacionado con dhclient.
Voy a repetir el proceso para ver y capturar ese paquete, ustedes que creen?
-----------------------------------------------------------------------------
tian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 13 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 35 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 15 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 33 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59458 DF PROTO=TCP
SPT=80 DPT=1138 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 19 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59460 DF PROTO=TCP
SPT=80 DPT=29447 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59461 DF PROTO=TCP
SPT=80 DPT=4216 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59463 DF PROTO=TCP
SPT=80 DPT=26450 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 23 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 27 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59482 DF PROTO=TCP
SPT=80 DPT=11704 WINDOW=0 RES=0x00 ACK RST URGP=0
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59485 DF PROTO=TCP
SPT=80 DPT=16326 WINDOW=0 RES=0x00 ACK RST URGP=0
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59486 DF PROTO=TCP
SPT=80 DPT=2293 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 21 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=63.210.142.9
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59506 DF PROTO=TCP
SPT=80 DPT=16659 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 31 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
usb 3-2: new low speed USB device using ohci_hcd and address 2
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
usb 3-2: configuration #1 chosen from 1 choice
input: USB Advance Mouse as /class/input/input7
usbcore: registered new interface driver usbkbd
drivers/hid/usbhid/usbkbd.c: :USB HID Boot Protocol keyboard driver
usbcore: registered new interface driver hiddev
input: USB Advance Mouse as /class/input/input8
input,hidraw0: USB HID v1.10 Mouse [USB Advance Mouse] on usb-0000:00:03.2-2
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 11 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 39 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59516 DF PROTO=TCP
SPT=80 DPT=25060 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59521 DF PROTO=TCP
SPT=80 DPT=4626 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 37 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=63.210.142.15
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59527 DF PROTO=TCP
SPT=80 DPT=7983 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 11 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-ACC-TCP IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232
DST=192.168.3.1 LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=18687 DF PROTO=TCP
SPT=49642 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
SuSE-FW-INext-DROP-DEFLT IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232
DST=192.168.3.1 LEN=43 TOS=0x00 PREC=0x00 TTL=109 ID=18689 PROTO=UDP
SPT=49644 DPT=28795 LEN=23
SuSE-FW-INext-DROP-DEFLT IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232
DST=192.168.3.1 LEN=43 TOS=0x00 PREC=0x00 TTL=109 ID=18691 PROTO=UDP
SPT=49644 DPT=28795 LEN=23
SuSE-FW-INext-DROP-DEFLT IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232
DST=192.168.3.1 LEN=43 TOS=0x00 PREC=0x00 TTL=109 ID=18692 PROTO=UDP
SPT=49644 DPT=28795 LEN=23
printk: 9 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 33 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 21 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5929 DF PROTO=TCP SPT=80
DPT=9485 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 25 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=208.111.159.49
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5941 DF PROTO=TCP SPT=80
DPT=8636 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 23 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=208.101.32.192
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5963 DF PROTO=TCP SPT=80
DPT=29303 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 21 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 33 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5998 DF PROTO=TCP SPT=80
DPT=8808 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 13 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=6016 DF PROTO=TCP SPT=80
DPT=5248 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 35 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-OUT-ERROR IN= OUT=eth1 SRC=192.168.2.1 DST=192.168.2.127 LEN=40
TOS=0x00 PREC=0x00 TTL=64 ID=380 DF PROTO=TCP SPT=3128 DPT=2832 WINDOW=9549
RES=0x00 ACK FIN URGP=0
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT=
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=6033 DF PROTO=TCP SPT=80
DPT=21483 WINDOW=0 RES=0x00 ACK RST URGP=0
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 39 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 13 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
ifconfig en el server
eth0 Link encap:Ethernet HWaddr 00:16:EC:84:6F:9D
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::216:ecff:fe84:6f9d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:627815 errors:0 dropped:0 overruns:0 frame:0
TX packets:1012991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54988539 (52.4 Mb) TX bytes:1448920675 (1381.7 Mb)
Interrupt:19 Base address:0xe000
eth1 Link encap:Ethernet HWaddr 00:60:6E:70:1F:B1
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::260:6eff:fe70:1fb1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36996 errors:0 dropped:0 overruns:0 frame:0
TX packets:26891 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6507749 (6.2 Mb) TX bytes:22470554 (21.4 Mb)
Interrupt:17 Base address:0xe400
eth2 Link encap:Ethernet HWaddr 00:60:6E:70:1F:D5
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::260:6eff:fe70:1fd5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1018239 errors:0 dropped:0 overruns:0 frame:0
TX packets:765511 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1445692256 (1378.7 Mb) TX bytes:74486907 (71.0 Mb)
Interrupt:18 Base address:0xe800
--
Gustavo Guillermo Pérez
Compunauta uLinux
www.compunauta.com
--~--~---------~--~----~------------~-------~--~----~
Has recibido este mensaje porque estás suscrito a Grupo "ayuda-linux"
de Grupos de Google.
Si quieres publicar en este grupo, envía un mensaje de correo
electrónico a ayuda-linux en googlegroups.com
Para anular la suscripción a este grupo, envía un mensaje a
ayuda-linux-unsubscribe en googlegroups.com
Para obtener más opciones, visita este grupo en
http://groups.google.es/group/ayuda-linux?hl=es. o http://www.compunauta.com/ayuda/
-~----------~----~----~----~------~----~------~--~---
Más información sobre la lista de distribución Ayuda