From: François Patte <francois.patte@mi.parisdescartes.fr>
Newsgroups: fr.comp.os.linux.configuration
Subject: Re: Routed private IPs?
Date: Mon, 12 Sep 2022 16:28:06 +0200
Organization: A noiseless patient Spider
Message-ID: <tfnflo$298nv$1@dont-email.me>
References: <tfhftg$1b4o0$1@dont-email.me> <tfn9ck$po2$1@ns507557.dodin.fr.nf>
In-Reply-To: <tfn9ck$po2$1@ns507557.dodin.fr.nf>

On 12/09/2022 at 14:40, Pascal Hambourg wrote:
> On 10/09/2022 at 09:55, François Patte wrote:
>>
>> In the logwatch reports about iptables, I occasionally see private IPs
>> sending packets to ports on my machine:
>>
>> --------------------- iptables firewall Begin
>>
>> Listed by source hosts:
>> Logged 91 packets on interface enp3s0
>> <snip>
>> From 10.187.5.127 - 6 packets to udp(56386)
>> From 10.95.90.201 - 9 packets to udp(44869,49924,57148)
>
> Is it possible to see the corresponding iptables messages in the kernel
> logs, to check whether these really are UDP packets or ICMP error
> packets received in response to UDP packets sent by the machine that
> logwatch is misinterpreting?

Sep 9 00:07:21 bertuccio kernel: [3912269.923468] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.187.5.127 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=43026 DF PROTO=UDP SPT=38181 DPT=56386 LEN=104
Sep 9 00:07:22 bertuccio kernel: [3912270.402931] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.187.5.127 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=43060 DF PROTO=UDP SPT=38181 DPT=56386 LEN=104
Sep 9 00:07:22 bertuccio kernel: [3912270.726868] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.187.5.127 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=43069 DF PROTO=UDP SPT=38181 DPT=56386 LEN=104
Sep 9 00:07:24 bertuccio kernel: [3912272.812116] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.187.5.127 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=43158 DF PROTO=UDP SPT=38181 DPT=56386 LEN=104
Sep 9 00:07:27 bertuccio kernel: [3912276.008570] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.187.5.127 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=43413 DF PROTO=UDP SPT=38181 DPT=56386 LEN=104
Sep 9 00:07:31 bertuccio kernel: [3912279.214375] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.187.5.127 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=43439 DF PROTO=UDP SPT=38181 DPT=56386 LEN=104

or also:

Sep 8 08:26:53 bertuccio kernel: [3855839.067702] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.95.90.201 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=7240 DF PROTO=UDP SPT=42096 DPT=44869 LEN=104
Sep 8 08:26:54 bertuccio kernel: [3855839.433694] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.95.90.201 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=7260 DF PROTO=UDP SPT=42096 DPT=44869 LEN=104
Sep 8 08:26:54 bertuccio kernel: [3855839.888962] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.95.90.201 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=7303 DF PROTO=UDP SPT=42096 DPT=44869 LEN=104

-- 
François Patte
Université Paris Descartes
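
Added example (not part of the original post): a Python parser for kernel iptables LOG lines like the ones above that keeps genuine UDP packets apart from ICMP errors, which the kernel logs with the offending packet quoted between brackets. The third sample line and the names `parse` and `summarize` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Two lines copied from the post above, plus one CONSTRUCTED ICMP error line
# (port unreachable quoting an outgoing UDP packet) for comparison.
SAMPLE = """\
Sep 9 00:07:21 bertuccio kernel: [3912269.923468] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.187.5.127 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=43026 DF PROTO=UDP SPT=38181 DPT=56386 LEN=104
Sep 8 08:26:53 bertuccio kernel: [3855839.067702] IN=enp3s0 OUT= MAC=d4:5d:64:ab:7f:5f:48:fd:a3:b2:d6:02:08:00 SRC=10.95.90.201 DST=192.168.1.16 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=7240 DF PROTO=UDP SPT=42096 DPT=44869 LEN=104
Sep 9 00:09:00 bertuccio kernel: [3912368.000000] IN=enp3s0 OUT= SRC=10.0.0.1 DST=192.168.1.16 LEN=152 TOS=0x00 PREC=0xC0 TTL=63 ID=1 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.16 DST=10.0.0.1 LEN=124 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=UDP SPT=56386 DPT=38181 LEN=104 ]
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the outer KEY=value fields of one LOG line; for an ICMP error,
    INNER holds the fields of the quoted packet printed after '[SRC='."""
    outer, sep, inner = line.partition("[SRC=")
    fields = dict(FIELD.findall(outer))
    fields["INNER"] = dict(FIELD.findall("SRC=" + inner)) if sep else None
    return fields

def summarize(text):
    """Group by (source, kind) -> (count, local ports, source is private)."""
    groups = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in text.splitlines():
        f = parse(line)
        if "SRC" not in f or "PROTO" not in f:
            continue  # not an iptables LOG line
        if f["PROTO"] == "ICMP" and f["INNER"]:
            # ICMP error: the local port is the source port of the quoted packet
            kind = "icmp-error-for-" + f["INNER"].get("PROTO", "?").lower()
            port = f["INNER"].get("SPT")
        else:
            kind = f["PROTO"].lower()
            port = f.get("DPT")
        g = groups[(f["SRC"], kind)]
        g["count"] += 1
        if port:
            g["ports"].add(int(port))
    return {k: (v["count"], sorted(v["ports"]),
                ipaddress.ip_address(k[0]).is_private)
            for k, v in groups.items()}

if __name__ == "__main__":
    for (src, kind), info in summarize(SAMPLE).items():
        print(src, kind, info)
```
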