Quoted from another thread....
caker wrote:
Our internal network configuration prevents other Linodes from being able to sniff traffic on the LAN. So, I don't really see the use of encrypting the traffic...
If this is the case, why is my firewall blocking a whole boatload of packets from a Private IP that isn't mine?
Code:
Apr 22 15:20:00 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=215
Apr 22 15:32:01 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=243 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=223
Apr 22 15:32:01 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=215
Apr 22 15:44:01 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=243 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=223
Apr 22 15:44:01 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=215
Apr 22 15:56:02 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=243 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=223
Apr 22 15:56:02 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=215
There are quite a lot of these:
Code:
fukawi2@platypus ~ $ grep -c '192.168.139.100' /var/log/messages.log
1726
Of course, now that the private network is an alias on eth0 instead of a separate interface, I can't guarantee these aren't spoofed packets from the BBI (Big Bad Intarwebs), but if that were the case, I find it very coincidental that the person doing the spoofing knows the address space of the private network on my host...
I'm not really bothered, my firewall (obviously) blocks everything that isn't from my other Linode, and the only traffic I send across the private LAN is some ssh traffic occasionally, but if there's a bug or whatever, then it probably wants to be reported.
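Added example, not part of the original post: a small parser for the iptables LOG lines shown above. It splits the MAC= field into destination MAC, source MAC and EtherType, then groups rejected packets by source and by whether the frame was broadcast, multicast or unicast. The function names are this example's own, and the third sample line is constructed for contrast.

```python
import re
from collections import Counter

# Lines 1-2 are copied from the post; line 3 is constructed for contrast.
SAMPLE = """\
Apr 22 15:20:00 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=215
Apr 22 15:32:01 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=243 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=223
Apr 22 15:40:00 platypus kernel: [IPTABLES REJECT] : IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT=22
"""

def parse_line(line):
    """Return the KEY=value fields of one iptables LOG line, or None."""
    if "IN=" not in line:
        return None
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)  # LEN appears twice: keep the IP length
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # dst MAC (6) + src MAC (6) + EtherType (2)
        fields["DST_MAC"] = ":".join(octets[:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "".join(octets[12:])
    return fields

def delivery(fields):
    """Classify the frame by its destination MAC address."""
    dst = fields.get("DST_MAC")
    if dst is None:
        return "unknown"
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst[:2], 16) & 1:  # group bit set in the first octet
        return "multicast"
    return "unicast"

def summarise(text):
    """Count rejected packets per (SRC, SRC_MAC, PROTO, DPT, delivery)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f:
            key = (f.get("SRC"), f.get("SRC_MAC"), f.get("PROTO"), f.get("DPT"), delivery(f))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarise(SAMPLE).most_common():
        print(n, *key)
```

Feeding it the contents of the log file instead of SAMPLE gives a per-source breakdown that a plain `grep -c` does not.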
