Security Incidents: Strange kernel happenings

From: <mstevenson_at_quickhire.com>
Date: Thu, 1 Nov 2001 12:12:20 -0500

I keep getting the same kernel messages from a few of my Linux servers EVERY
DAY:

Kernel Messages:
1,7c1
< ksum from 63.94.31.225!
< IP_MASQ:reverse ICMP: failed checksum from 63.94.31.225!
< IP_MASQ:reverse ICMP: failed checksum from 141.198.38.114!
< IP_MASQ:reverse ICMP: failed checksum from 63.94.31.225!
< IP_MASQ:reverse ICMP: failed checksum from 63.94.31.225!
< IP_MASQ:reverse ICMP: failed checksum from 63.94.31.225!
< IP_MASQ:reverse ICMP: failed checksum from 65.205.2.1!

The IPs, however, are not consistent. Usually different IPs every day.
I've tried to look this up, but am having a hard time finding information on
what this means. Kinda looks like someone from the outside world is
spoofing IP's, sending ICMP traffic to the server, but when the server tries
to verify with a reverse lookup it flags and says "I don't like ICMP traffic
from this address because it looks suspicious!" Any ideas anyone?

Miles Stevenson
QuickHire Network Support Specialist

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Nov 01 2001
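
The log lines in the post report ICMP packets that failed a checksum test. ICMP carries the RFC 1071 Internet checksum, and the following added example (not part of the original post and not the kernel's own code) shows how a receiver validates it and why a damaged or truncated message is rejected. The packet contents, helper names and payload are constructed for illustration.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:                      # odd length: pad with one zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request (type 8, code 0) with a correct checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)   # checksum field = 0
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def icmp_checksum_ok(message: bytes) -> bool:
    """Receiver-side test: summing the whole message, checksum field
    included, must give 0. Anything shorter than the 8-byte header fails."""
    return len(message) >= 8 and internet_checksum(message) == 0


def flip_bit(message: bytes, index: int, bit: int = 0) -> bytes:
    """Return a copy of the message with one bit inverted."""
    damaged = bytearray(message)
    damaged[index] ^= 1 << bit
    return bytes(damaged)


# Constructed sample data: a 19-byte (odd-length) payload exercises the padding path.
GOOD = build_echo_request(0x1234, 1, b"constructed-payload")
DAMAGED = flip_bit(GOOD, 12)     # single-bit error inside the payload
TRUNCATED = GOOD[:-2]            # tail lost in transit

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("damaged", DAMAGED), ("truncated", TRUNCATED)):
        verdict = "ok" if icmp_checksum_ok(msg) else "failed checksum"
        print(f"{name:9s} {len(msg):2d} bytes: {verdict}")
```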
