Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- strange packets from 192.168.1.126
- Kevin VW
February 21, 2008, 5:58 pm
rate this thread
I've recently noticed some packets coming in on port 22 (sshd) on my
external interface from the 192.168.1.0/24 network. I don't have any
local machines on this network and the packets are coming in on my WAN
interface (via my router). How is that possible? My understanding was
that this network was not routeable from the internet. I'm guessing
someone is try to get at my sshd server. Below are the packets. Is
there any way to get more info on where they are coming from?
Feb 20 20:02:14 tti kernel: iptables chain hostile: IN=eth1 OUT=
DST=172.16.251.61 LEN=228 TOS=0x10 PREC=0x00 TTL=47 ID=19109 DF
PROTO=TCP SPT=38196 DPT=22 WINDOW=16022 RES=0x00 ACK PSH FIN URGP=0
I'm using iptables on a 2.6 Linux box.
Re: strange packets from 192.168.1.126
This seems to be the result of a packet that was sent with a bad
(intentionally or not) source IP address. It could have "escaped" from
someone's LAN due to a misconfigured masquerading router. The network
typically doesn't do anything with the source address except pass it
along. Of course, the connection can't work, since you don't have the
right address to reply to.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum