[psad-discuss] 0.0.0.0 alerts/newbie
Brought to you by:
mbr
From: Paul v. L. <pa...@ea...> - 2004-08-26 15:17:56
|
Hi, I just installed psad 1.3.2 on my machine (having also bastille to set up= the firewall).=20 It seems to work fine, but it sends me lots of messages concerning traffi= c from 0.0.0.0 to=20 255.255.255.255. I guess this is net requests for dhcp/bootp.=20 The content of the message is reproduced below. Can someone tell me how to fix this ? I'd be gratefull if my mailbox is n= o longer=20 flooded by these messages. Thanks, Paul. =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D Thu Aug 26 16:36:26 2004 = =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D ** psad: Suspicious traffic detected against 255.255.255.255 Danger level: [3] (out of 5)=20 Scanned udp ports: [67: 2 packets, Nmap: -sU] Iptables chain: INPUT (prefix "PUB_IN DROP 5"), 2 packets Source: 0.0.0.0 DNS: [No reverse dns info available] Destination: 255.255.255.255 DNS: [No reverse dns info available] Syslog hostname: pcvsf21 Current interval: Thu Aug 26 16:36:11 2004 (start) Thu Aug 26 16:36:26 2004 (end) Overall scan start: Thu Aug 26 16:04:24 2004 Total email alerts: 50 Complete udp range: [67] chain: interface: tcp: udp: icmp: =20 INPUT eth0 0 78 0 =20 ** Whois Information: ** No whois server is known for this kind of object. =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D Thu Aug 26 16:36:26 2004 = =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D --=20 ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm |