
IPCop crashing


Hey guys. New to the forum, but wanted to see if anyone could work out what this is all about... twice now since switching to F9 my IPCop 1.3 has crashed overnight... it's not getting hot, as far as I know the hardware is all good... and in the logs I got this earlier this morning when it happened again...

02:55:05 kernel INPUT IN=eth1 OUT= MAC=00:a0:cc:20:7a:b3:00:50:ba:98:de:0d:08:00 SRC=80.229.167.144 DST=123.1.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=30238 DF PROTO=TCP SPT=4079 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0

When I DNS lookup 80.229.167.144 I get dennyland.plus.com

First of all, what is dennyland.plus.com? It's obviously something on the F9/PlusNet network, but what? Could it be responsible for crashing a firewall??

Matt
1 REPLY

"dennyland" is the username of the PlusNet user whose public IP address is 80.229.167.144. (Just as "hcswales" is the username of the Force9 user whose public IP address is 80.229.220.143 -> hcswales.force9.co.uk.)

I notice the destination port ("DPT") is the notorious 445, which I thought Force9/PlusNet was requiring users to block? I believe you're therefore entitled to report this to PlusNet as an example of abuse.

Is that 123.1.2.2 the real address that was shown, or is it one you've made up for the sake of posting here?

The "OUT=" is interesting as it may suggest IPCop didn't know what to do with the packet, or, perhaps, it's IPCop's way of indicating it's going to drop the packet?

Can't say I understand the 14-octet MAC address, either -- is that two MAC addresses combined in some way? Perhaps someone else will explain that!
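
The log line from the first post, decoded field by field as an added example (not written by either poster; the function names are my own). In netfilter LOG output the MAC= field is the 14-byte Ethernet header (destination MAC, source MAC, EtherType), and OUT= is empty when the packet is addressed to the firewall itself rather than being forwarded.

```python
import re

# Log line quoted in the first post ("kernel INPUT" is the firewall's log prefix).
LINE = ("02:55:05 kernel INPUT IN=eth1 OUT= MAC=00:a0:cc:20:7a:b3:00:50:ba:98:de:0d:08:00 "
        "SRC=80.229.167.144 DST=123.1.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=30238 DF "
        "PROTO=TCP SPT=4079 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0")

ETHERTYPES = {"08:00": "IPv4", "08:06": "ARP", "86:dd": "IPv6"}
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_netfilter_line(line):
    """Split a netfilter LOG line into KEY=VALUE fields and bare flag tokens."""
    fields, flags = {}, set()
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # "OUT=" yields an empty string
        elif token in TCP_FLAGS or token == "DF":
            flags.add(token)
    return fields, flags


def decode_mac_field(mac):
    """MAC= is the Ethernet header: dst MAC (6), src MAC (6), EtherType (2)."""
    octets = mac.split(":")
    if len(octets) != 14 or not all(re.fullmatch(r"[0-9a-fA-F]{2}", o) for o in octets):
        raise ValueError("expected 14 hex octets in MAC= field")
    ethertype = ":".join(octets[12:]).lower()
    return {"dst_mac": ":".join(octets[:6]), "src_mac": ":".join(octets[6:12]),
            "ethertype": ETHERTYPES.get(ethertype, ethertype)}


def summarize(line):
    fields, flags = parse_netfilter_line(line)
    info = decode_mac_field(fields["MAC"])
    # No outbound interface: the packet was for the firewall itself, not forwarded.
    info["to_firewall_itself"] = fields.get("OUT") == ""
    # SYN without ACK is the first packet of a new TCP connection attempt.
    info["new_connection_attempt"] = "SYN" in flags and "ACK" not in flags
    # TCP/445 is SMB (microsoft-ds), the port the reply calls out.
    info["dpt_445_smb"] = fields.get("PROTO") == "TCP" and fields.get("DPT") == "445"
    info["src"], info["dpt"] = fields["SRC"], int(fields["DPT"])
    return info


if __name__ == "__main__":
    for key, value in summarize(LINE).items():
        print(f"{key}: {value}")
```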