Apr 17 00:32:31 malice kernel: Packet log: input REJECT eth0 PROTO=6 192.168.25.3:2351 172.16.50.3:111 L=60 S=0x00 I=45086 F=0x4000 T=45 SYN (#8)
Log Structure:

| Log field | Meaning |
|---|---|
| Apr 17 00:32:31 | System Date |
| malice kernel | Machine Name* |
| Packet log | Options (log) |
| input REJECT | Traffic Direction / Target |
| eth0 | Interface |
| PROTO=6 | Protocol Number |
| 192.168.25.3:2351 | Source Address/Source Port |
| 172.16.50.3:111 | Dest Address/Dest Port |
| L=60 | Packet Length (bytes) |
| S=0x00 | TOS (Type Of Service) |
| I=45086 | IP-ID (increments per packet) |
| F=0x4000 | Flags (3 bits) and Fragment offset (13 bits) |
| T=45 | Time to live (TTL): number of hops before discarded |
| SYN | Traffic Type - Beginning of a connection |
| (#8) | Rule Number |

*Packets are processed at the kernel before reaching the OS, between layers 2 and 3.

REJECT - will send an ICMP Type 3 code 1 for each attempt.

Rule -- ipchains -A input -p tcp -d 172.16.50.3 111 -j REJECT -l
Basic Rule Structure:

| ipchains | -A | input | -p tcp | -d 172.16.50.3 | 111 | -j | REJECT -l |
|---|---|---|---|---|---|---|---|
| | A - Append | output | tcp | -d destination | port(s) | Jump | ACCEPT |
| | I - Insert | | udp | -s source | | | DENY |
| | D - Delete | | | | | | REJECT |