Hi all,
Today, I noticed a ton of strange entries in my shorewall log file (kern.log):
Apr 12 22:55:41 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:20:ed:5c:4c:cd:00:11:50:48:e4:a0:08:00 SRC=192.168.2.1 DST=192.168.2.2 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17 DPT=35035 LEN=59
Apr 12 22:56:06 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:20:ed:5c:4c:cd:00:11:50:48:e4:a0:08:00 SRC=192.168.2.1 DST=192.168.2.2 LEN=96 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=258 DPT=35038 LEN=76
There are around 2000 such entries, each having a different destination port (larger than 35000) and most having a different source port (~15-400). I don't understand why the source IP is my router. The middle part of the MAC address (00:11:50:48:e4:a0) matches the internal MAC address of my router. What does this mean?
Also, at the very end of these lines there is:
Apr 12 22:57:39 server kernel: eth0: link down
Apr 12 22:57:41 server kernel: eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
Apr 12 22:57:53 server kernel: eth0: link down
Apr 12 22:57:55 server kernel: eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
Are these two events related?
Any insight would be greatly appreciated!
Thanks!
Jonathan
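
An added example, not part of the original post: a small parser for Shorewall/netfilter log lines like the ones quoted above. It splits the MAC= field the way the kernel writes it for Ethernet (destination MAC, then source MAC, then EtherType) and summarizes the dropped packets by sender and port range. The function names are illustrative, and the sample input is the two entries from the post.

```python
import re
from collections import Counter

# Constructed sample: the two entries quoted in the post, one per line,
# plus one unrelated kernel line that the parser must skip.
SAMPLE = """\
Apr 12 22:55:41 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:20:ed:5c:4c:cd:00:11:50:48:e4:a0:08:00 SRC=192.168.2.1 DST=192.168.2.2 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17 DPT=35035 LEN=59
Apr 12 22:56:06 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:20:ed:5c:4c:cd:00:11:50:48:e4:a0:08:00 SRC=192.168.2.1 DST=192.168.2.2 LEN=96 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=258 DPT=35038 LEN=76
Apr 12 22:57:39 server kernel: eth0: link down
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):")
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for one Shorewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for key, value in FIELD.findall(line[m.end():]):
        # LEN appears twice: keep the first (IP length), not the UDP length.
        rec.setdefault(key, value)
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:  # 6 bytes dst MAC + 6 bytes src MAC + 2 bytes EtherType
        rec["dst_mac"] = ":".join(octets[:6])
        rec["src_mac"] = ":".join(octets[6:12])
        rec["ethertype"] = "0x" + "".join(octets[12:])
    return rec


def summarize(text):
    """Count entries per (source MAC, source IP, protocol) and give port ranges."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    flows = Counter((r.get("src_mac"), r.get("SRC"), r.get("PROTO")) for r in recs)
    spts = [int(r["SPT"]) for r in recs if "SPT" in r]
    dpts = [int(r["DPT"]) for r in recs if "DPT" in r]
    return {
        "entries": len(recs),
        "flows": flows,
        "spt_range": (min(spts), max(spts)) if spts else None,
        "dpt_range": (min(dpts), max(dpts)) if dpts else None,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
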