> got something in my tcpdump logs that I hadn't seen before. From about
> 1am till 5am, every half hour, I got an entry like this :
>> 00:44:20.137989 165.21.XX.XXX > 220.127.116.11: icmp: host 155.69.X.XXX
> unreachable - admin prohibited filter
>> (The uncensored IP address was my own dialup address)
Your machine tried to send an IP packet to 155.69.x.xxx. The
intermediate router at 165.21.xx.xxx was configured to reject
that type of packet, and send back 'admin prohibited filter'
in the ICMP packet with the reason.
For example, Linux IP 'reject' firewalling rules send back
these ICMP packets. 'deny' rules just silently drop traffic.
Ever seen this in a traceroute?
12 18.104.22.168 (22.214.171.124) 28.370 ms !X 79.128 ms !X 47.116 ms
Those !X things mean 'admin prohibited filter'. In other words,
an admin has configured a router or host to reject that type of
Look back a few seconds through the tcpdump logs and see what
you tried to send to 155.69.x.xxx. That should give you a
clue as to what generated the traffic.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!