ubuntu
Alex, 2015-02-19 15:12:58

What do the entries in kern.log and syslog AIF:(PRIV | UNPRIV) TCP packet mean? And what does it threaten?

Hello. There is a web server under Ubuntu 14.04.
There are a lot of such entries in kern.log and similar entries in syslog:
kernel: AIF:UNPRIV TCP packet: IN=eth0 OUT= MAC= SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=
kernel: AIF:PRIV TCP packet: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35
kernel: AIF:ICMP-request: IN=eth0 OUT= MAC= SRC= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF
kernel: AIF:UNPRIV TCP packet: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=
What do they mean?
Do I need to do something about it?
Why is this "terrible" for the web server and, accordingly, the site?
I can assume that these entries are somehow related to changes in sysctl.conf or with arno iptables firewall, but what to change, analyze, where to look? I don't understand any of this, that's why I'm asking.

1 answer(s)
keshonok, 2015-05-11

AIF stands for "Arno's iptables-firewall". UNPRIV means that AIF has detected a call to a destination port higher than 1024. That is, the presence of such entries is related to arno iptables firewall.
But it is not possible to say from the information given in the question what to do about it, or whether anything needs to be done at all.
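
One way to start the analysis the question asks about, as an added example that is not part of the original thread: parse the AIF-prefixed kernel lines and count them by log prefix, source address and destination port. The sample lines, addresses and the names `parse_line` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's iptables LOG layout. Addresses come
# from documentation ranges; none of these values are from the question.
SAMPLE_LOG = """\
Feb 19 15:01:02 web kernel: [ 1001.10] AIF:UNPRIV TCP packet: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 19 15:01:03 web kernel: [ 1002.20] AIF:UNPRIV TCP packet: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54322 PROTO=TCP SPT=40000 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 19 15:01:04 web kernel: [ 1003.30] AIF:PRIV TCP packet: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 19 15:01:05 web kernel: [ 1004.40] AIF:ICMP-request: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Feb 19 15:01:06 web kernel: [ 1005.50] eth0: link up
"""

AIF_RE = re.compile(r"kernel: (?:\[[^\]]*\]\s+)?AIF:(?P<tag>[^:]+): (?P<rest>.*)")

def parse_line(line):
    """Return the AIF prefix, KEY=value fields and bare flags, or None."""
    m = AIF_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value  # redacted or empty values stay ""
        else:
            flags.append(token)  # bare tokens such as DF or SYN
    return {"tag": m.group("tag"), "fields": fields, "flags": flags}

def summarize(text):
    """Count AIF entries by log prefix, source address and (proto, dest port)."""
    by_tag, by_src, by_port = Counter(), Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not an AIF firewall entry
        f = rec["fields"]
        by_tag[rec["tag"]] += 1
        if f.get("SRC"):
            by_src[f["SRC"]] += 1
        if f.get("DPT", "").isdigit():  # ICMP entries have TYPE/CODE, no ports
            by_port[(f.get("PROTO", "?"), int(f["DPT"]))] += 1
    return by_tag, by_src, by_port

if __name__ == "__main__":
    tags, sources, ports = summarize(SAMPLE_LOG)
    for title, counter in (("prefix", tags), ("source", sources), ("dest port", ports)):
        print(title, counter.most_common(5))
```

To run it on the server's own data, pass the contents of kern.log to `summarize()` instead of `SAMPLE_LOG`.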
