Need help to interp kernel log message.
Roman Neuhauser
neuhauser at bellavista.cz
Mon Sep 15 00:09:02 PDT 2003
# webmaster at swedehost.com / 2003-09-12 05:37:17 +0200:
> I 've got a message in my logfiles that I don't understand.
> The ip-addresses are none that I'm to my knowing are associated with.
> Wonder what it is or if it's anything to worry about.
>
> odin.swedehost.com kernel log messages:
> > icmp redirect from 65.104.98.146: 204.152.184.189 => 65.104.98.145
>
> Checking up on the above Ip-addresses don't ring any bells ider.
Looks like your machine was sending traffic to 204.152.184.189, and
an intermediate host at 65.104.98.146 sent an ICMP redirect message
telling it to send them to 65.104.98.145 instead. See RFC 792.
As for security concerns: any packet might have the source address
spoofed, and obeying ICMP type 5 messages in a hostile environment
(like the internet) means you're giving your network traffic out for
public consumption.
--
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html
More information about the freebsd-questions
mailing list