strange message from syslogd

Gregory Nowak greg at romuald.net.eu.org
Sat Jul 2 00:48:10 EDT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I maybe wrong, but that looks like something is sending out dhcp
requests, which your box is picking up on the eth0 interface. Come to
think of it, it looks like a machine on your network is sending out
bootp requests, instead of dhcp requests.

The packets are obviously being logged, but I can't tell if they're
being dropped or allowed through. If you don't have any machines using
bootp, figure out which one is trying to use bootp, and disable
it. It's also possible that the bootp is being done by a network
card's eprom, in which case you maybe able to disable it via removing
the network card's eprom chip, changing your network card's internal
settings (probably with a DOS utility), or by disabling network
booting in BIOS. Hth somewhat.

Greg


On Sat, Jul 02, 2005 at 12:15:43AM -0400, Lorenzo Taylor wrote:
> I have just installed a new firewall and am receiving this strange message from
> syslogd sent to all consoles:
> 
> Message from syslogd at taylor at Sat Jul  2 00:06:44 2005 ...
> taylor vmunix: <4>IN-unknown:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:2a:ce:24:54:08:00 SRC=10.40.32.1 DST=255.255.255.255 LEN=395 TOS=0x00 PREC=0x00 TTL=255 ID
> =9790 PROTO=UDP SPT=67 DPT=68 LEN=375
> 
> This is one example.  They come 3 or 4 times a day and all look similar to this.
> 
> It may seem like a N00B question, but is this a problem?  Can I stop the messages
> from being written to all consoles and only have them logged?
> 
> Another N00B question: What is this message saying happened to the packet?  Is it
> being dropped, accepted and logged or something entirely different?  There is a
> corresponding syslog entry that looks exactly the same but without the message
> header.
> 
> Thanks for any help,
> Lorenzo
> -- 
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GCS d- s:+ a- C+++ UL++++ P+ L+++ E- W++ N o K- w---
> O M V- PS+++ PE Y+ PGP++ t++ 5+ X+ R tv-- b++ DI-- D+
> G e* h---- r+++ y+++
> ------END GEEK CODE BLOCK------
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> 
> !DSPAM:42c6152982731840976523!
> 
> 

- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFCxhyK7s9z/XlyUyARAlLDAKDVldvEpPED8fsQnenFO7M0WHfSmgCdGub2
LGXooi9kRp0fMR7XWEgGRCU=
=hn9D
-----END PGP SIGNATURE-----

More information about the Speakup mailing list