 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Beta 1.3b1 Unusual Firewall Log Entries Since Upgrade
 Date:  Tue, 19 Dec 2006 02:20:57 -0500
On 12/19/06, sai <sonicsai at gmail dot com> wrote:
> That looks like a loop. Maybe your ISP has a misconfig there.

Yeah, they have a routing loop for that particular network.  Original
poster reached the limit of 30 hops after numerous hops between the
same two routers.  If you ping that IP, you should get a "TTL expired
in transit" message.

I think I would report this to my ISP if I were you.  I'm sure any
decent-sized ISP probably gets dozens if not hundreds of emails a day
from wanna-be-network-engineer gamers and the like who think they know
how the entire network needs to be reconfigured based on their ping
times, when in reality they couldn't even begin to describe how a ping
even works and have never heard of ICMP.  Point being, they probably
/dev/null all those emails, so I wouldn't expect any response.  It's
worth a shot though.

I'd explain what you're seeing in your firewall logs, and attach a
decent sampling of the log data, and explain that when attempting to
reach that particular network you hit a routing loop.

Since your ISP appears to have a routing loop, at least outbound, for
that subnet, it's probably safe to assume it originated somewhere
within your first 6 hops.  In this case, that's somewhere inside your
ISP's network.  Could be a customer doing something stupid that they'd
want to know about.
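
Added example (not part of the original message): a small Python check that spots the pattern described above in saved traceroute output, where a router address reappears at a later hop and the trace runs to the hop limit. The sample trace is constructed from documentation address ranges, and the function names are hypothetical.

```python
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")            # leading hop number, rest of line
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # first responder address on the line

def parse_hops(text):
    """Return [(hop_number, responder_ip_or_None), ...]; '* * *' hops give None."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header or blank line
        ip = IPV4.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def find_routing_loop(text, max_hops=30):
    """Report the first router that answers at two different hop counts."""
    hops = parse_hops(text)
    first_seen = {}
    for idx, (_, ip) in enumerate(hops):
        if ip is None:
            continue
        if ip in first_seen:
            start = first_seen[ip]
            return {
                "loop_starts_at_hop": hops[start][0],
                "routers": [h[1] for h in hops[start:idx] if h[1]],
                "hit_hop_limit": hops[-1][0] >= max_hops,
            }
        first_seen[ip] = idx
    return None

# Constructed sample: four normal hops, then two routers alternating to hop 30.
_path = ["192.0.2.1", "192.0.2.5", "192.0.2.9", "192.0.2.13"]
_path += ["198.51.100.1" if n % 2 else "198.51.100.2" for n in range(5, 31)]
SAMPLE = "traceroute to 203.0.113.9 (203.0.113.9), 30 hops max\n" + "\n".join(
    f"{n:2d}  {ip}  {10 + n}.123 ms" for n, ip in enumerate(_path, 1)
)

if __name__ == "__main__":
    print(find_routing_loop(SAMPLE))
```

The hop number and router pair it reports are the details worth including alongside the firewall log sample when writing to the ISP.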