I'm hoping someone can help me interpret some log entries that show up in my logs a couple of times a day. These systems are on an internal network and are not directly connected to the Internet. The rules that generate the log entries are:
iptables -A INPUT -i $EXT_INTERFACE -m state --state INVALID -m limit -j
LOG --log-prefix "Invalid: " --log-level 6
iptables -A INPUT -i $EXT_INTERFACE -m state --state INVALID -j DROP
The log entries are something like this (the Internet IP changes):
I'm not sure what it is telling me. These systems are internal servers and shouln't have any reason to contact the Internet except maybe for patching. Is this trying to tell me that my system (192.168.100.100) tried to talk to Internet_IP and got back a ICMP protocal unreachable.
This doesn't seem likely given what they are used for and the fact that there are no users or services on the servers that make any connections to the Internet. The square bracket info has me confused especially with PROTO=32. My thought is somehow a site on the Internet has crafted a packet that finds it's way inside the internal network. I am unsure how to interpret the log entry to figure out what's going on.