[AYUDA] Re: Tal vez tenga un Intruso en la red

Miguel Cardenas warlockxxi en yahoo.com
Jue Mayo 15 09:04:44 CDT 2008 

Hola

El 2wire es una porqueria, no se exactamente a que se deba tu problema pero hasta donde se el 2wire puede ser reprogramado DESDE AFUERA, telmex le puede mover a tu configuracion e incluso cambiarte el password en el router, ignoro como lo hagan pero es un hecho que lo hacen para "actualizarte" o "desactivar tu conexion" cuando pagas mas barato con bandwidth mensual limitado y lo rebasas (muy chafa solucion por cierto, pero te estan accesando del exterior y si ellos pueden teoricamente cualquiera tambien).

Por otro lado tiene agujeros de seguridad que lo hacen ver muy pi...ñata, no tengo la direccion a mano donde esta el reporte de seguridad sobre el 2wire realizado por la UNAM (tambien encuentras mas referencias en google), otra tecnica ataca tu router DESDE ADENTRO DE TU PROPIA RED, te llega el clasico mail de que ganaste un premio, el de viejas en canicas, el mas bobo de que recibiste una tarjeta (particularmente de gusanito.com) o cualquier cosa curiosa, estos no te envian un archivo EXE oculto como los virus, de hecho te muestran realmente un articulo informativo o tarjeta animada como si fuera real, pero tiene codigo oculto detras que envia comandos al 2wire (via http://...) ya desde tu red local desde tu propio navegador y lo reconfigura, cambia el password de acceso al router, agrega entradas estaticas en el area de DNS (sobre todo con dominios de bancos) que hacen "override" de la resolucion DNS y toma la ip de esta lista... Esto no tiene
 solucion, cualquiera que navegue y abra un sitio que contenga este tipo de codigo oculto modificara la configuracion (incluso abrir puertos, cualquier cosa hasta donde se), si es una red de trabajo la mejor opcion es revisar todos los dias la configuracion del 2wire y echarle un ojo a los logs del router, nimodo asi es esto :-/

En fin es una porqueria, yo ando juntando una lanita para comprar otro mejorcito o de perdida "menos peor" pues las referencias de 2wire lo pintan como de lo mas chafa que hay...

Supongo que esto no es la causa de tu problema para este caso particular pero igual hay que tenerlo en cuenta.

Saludos y suerte

----- Original Message ----
From: Gustavo Guillermo Perez <gustavo en compunauta.com>
To: ayuda-linux en googlegroups.com
Sent: Wednesday, May 14, 2008 1:32:36 PM
Subject: [AYUDA] Tal vez tenga un Intruso en la red


Les comento algo raro que observo en el log de mi servidor, tengo un router en 
la 3er red con la ip 192.168.3.254, el servidor tiene las direcciones IP 
192.168.1.1 192.168.2.1 192.168.3.1, los tres cables de esas tarjetas de red 
van a los mismos switchs no están físicamente separados,

http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/ifconfig.txt

el servicio DHCP provee direcciones ip a la red 1 y a una sola PC de la red 2 
por medio del archivo dhcpd.conf.

http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/dhcpd.conf

El router es un 2wire de Telmez y en la red de area local detecta una PC sin 
dirección ip asignada.

http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/Resumen_1210788317312.png

desactivé la red inalámbrica y el router no tiene DHCP activado.

La dirección mac del 2wire es la misma que aparece en el syslog

http://standards.ieee.org/regauth/oui/oui.txt

00-1B-5B   (hex)        2Wire, Inc.
001B5B     (base 16)        2Wire, Inc.
                1704 Automation Parkway
                San Jose CA 95131
                UNITED STATES
Revisando las direcciones asignadas con la dirección MAC coincide con 2wire

http://ulinux.no-ip.org:8080/gusgus/fotolog/proyectos/intruso/syslog.txt

Las direcciones IP de la red 3 no deberían existir más que la 192.168.3.3 que 
es la que uso para entrar al router desde una PC con dos tarjetas de red.


Así que no creo que haya intrusos intentando usar el router, sino que el 
router está enviando paquetes de algún tipo a la red interna, desactivando 
dhcp detecto en una de las máquinas un paquete enviado por el 2wire 
relacionado con dhclient. 

Voy a repetir el proceso para ver y capturar ese paquete, ustedes que creen?


-----------------------------------------------------------------------------
tian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 13 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 35 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 15 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 33 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59458 DF PROTO=TCP 
SPT=80 DPT=1138 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 19 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59460 DF PROTO=TCP 
SPT=80 DPT=29447 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59461 DF PROTO=TCP 
SPT=80 DPT=4216 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59463 DF PROTO=TCP 
SPT=80 DPT=26450 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 23 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 27 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59482 DF PROTO=TCP 
SPT=80 DPT=11704 WINDOW=0 RES=0x00 ACK RST URGP=0 
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59485 DF PROTO=TCP 
SPT=80 DPT=16326 WINDOW=0 RES=0x00 ACK RST URGP=0 
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59486 DF PROTO=TCP 
SPT=80 DPT=2293 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 21 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=63.210.142.9 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59506 DF PROTO=TCP 
SPT=80 DPT=16659 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 31 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
usb 3-2: new low speed USB device using ohci_hcd and address 2
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
usb 3-2: configuration #1 chosen from 1 choice
input: USB Advance  Mouse as /class/input/input7
usbcore: registered new interface driver usbkbd
drivers/hid/usbhid/usbkbd.c: :USB HID Boot Protocol keyboard driver
usbcore: registered new interface driver hiddev
input: USB Advance  Mouse as /class/input/input8
input,hidraw0: USB HID v1.10 Mouse [USB Advance  Mouse] on usb-0000:00:03.2-2
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 11 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 39 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59516 DF PROTO=TCP 
SPT=80 DPT=25060 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59521 DF PROTO=TCP 
SPT=80 DPT=4626 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 37 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=63.210.142.15 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=59527 DF PROTO=TCP 
SPT=80 DPT=7983 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 11 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-ACC-TCP IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232 
DST=192.168.3.1 LEN=48 TOS=0x08 PREC=0x00 TTL=109 ID=18687 DF PROTO=TCP 
SPT=49642 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) 
SuSE-FW-INext-DROP-DEFLT IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232 
DST=192.168.3.1 LEN=43 TOS=0x00 PREC=0x00 TTL=109 ID=18689 PROTO=UDP 
SPT=49644 DPT=28795 LEN=23 
SuSE-FW-INext-DROP-DEFLT IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232 
DST=192.168.3.1 LEN=43 TOS=0x00 PREC=0x00 TTL=109 ID=18691 PROTO=UDP 
SPT=49644 DPT=28795 LEN=23 
SuSE-FW-INext-DROP-DEFLT IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=66.98.86.232 
DST=192.168.3.1 LEN=43 TOS=0x00 PREC=0x00 TTL=109 ID=18692 PROTO=UDP 
SPT=49644 DPT=28795 LEN=23 
printk: 9 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 33 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 21 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5929 DF PROTO=TCP SPT=80 
DPT=9485 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 25 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=208.111.159.49 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5941 DF PROTO=TCP SPT=80 
DPT=8636 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 23 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=208.101.32.192 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5963 DF PROTO=TCP SPT=80 
DPT=29303 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 21 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 33 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=5998 DF PROTO=TCP SPT=80 
DPT=8808 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 13 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=6016 DF PROTO=TCP SPT=80 
DPT=5248 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 35 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-OUT-ERROR IN= OUT=eth1 SRC=192.168.2.1 DST=192.168.2.127 LEN=40 
TOS=0x00 PREC=0x00 TTL=64 ID=380 DF PROTO=TCP SPT=3128 DPT=2832 WINDOW=9549 
RES=0x00 ACK FIN URGP=0 
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
SuSE-FW-INext-DROP-DEFLT-INV IN=eth2 OUT= 
MAC=00:60:6e:70:1f:d5:00:1b:5b:a5:9b:b9:08:00 SRC=132.248.181.148 
DST=192.168.3.1 LEN=40 TOS=0x08 PREC=0x00 TTL=255 ID=6033 DF PROTO=TCP SPT=80 
DPT=21483 WINDOW=0 RES=0x00 ACK RST URGP=0 
printk: 7 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 39 messages suppressed.
martian source 192.168.1.255 from 192.168.1.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:16:ec:84:6f:9d:08:00
printk: 13 messages suppressed.
martian source 192.168.3.1 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 5 messages suppressed.
martian source 192.168.3.2 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.71 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06
printk: 9 messages suppressed.
martian source 192.168.3.155 from 192.168.3.254, on dev eth1
ll header: ff:ff:ff:ff:ff:ff:00:1b:5b:a5:9b:b9:08:06

ifconfig en el server
eth0      Link encap:Ethernet  HWaddr 00:16:EC:84:6F:9D  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::216:ecff:fe84:6f9d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:627815 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1012991 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:54988539 (52.4 Mb)  TX bytes:1448920675 (1381.7 Mb)
          Interrupt:19 Base address:0xe000 

eth1      Link encap:Ethernet  HWaddr 00:60:6E:70:1F:B1  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::260:6eff:fe70:1fb1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:36996 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26891 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6507749 (6.2 Mb)  TX bytes:22470554 (21.4 Mb)
          Interrupt:17 Base address:0xe400 

eth2      Link encap:Ethernet  HWaddr 00:60:6E:70:1F:D5  
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::260:6eff:fe70:1fd5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1018239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:765511 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1445692256 (1378.7 Mb)  TX bytes:74486907 (71.0 Mb)
          Interrupt:18 Base address:0xe800 

-- 
Gustavo Guillermo Pérez
Compunauta uLinux
www.compunauta.com



      

--~--~---------~--~----~------------~-------~--~----~
Has recibido este mensaje porque estás suscrito a Grupo "ayuda-linux"
de Grupos de Google.
Si quieres publicar en este grupo, envía un mensaje de correo
electrónico a ayuda-linux en googlegroups.com
Para anular la suscripción a este grupo, envía un mensaje a
ayuda-linux-unsubscribe en googlegroups.com
Para obtener más opciones, visita este grupo en
http://groups.google.es/group/ayuda-linux?hl=es. o http://www.compunauta.com/ayuda/
-~----------~----~----~----~------~----~------~--~---

Más información sobre la lista de distribución Ayuda