Topic: RABHIT in the /var/log/messages log (Read 2232 times)

dynaweb · « **on:** September 08, 2007, 10:36:22 AM »

I am getting a strange message recurring in my /var/log/messages log file.

[FONT="Courier New"][COLOR="Black"]Sep 8 11:24:07 cp2 kernel: ** RABHIT ** IN=eth0 OUT= MAC=00:30:48:42:5f:10:00:12:80:4c:79:7f:08:00 SRC=201.22.15.112 DST=70.84.212.27 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9531 PROTO=TCP SPT=113 DPT=38261 WINDOW=0 RES=0x00 ACK RST FIN URGP=0[/COLOR][/FONT]

What is the meaning of this? I cannot find the answer anywhere on the internet. Thanks.

ctwjr · « **Reply #1 on:** June 13, 2008, 10:18:59 AM »

If you are running APF (Advanced Policy Firewall) it is most likely a message originating from that service. According to APF, "reactive address blocking (RAB), next generation in-line intrusion prevention". So I believe a RABHIT is an indication that a block is taking place.

News:

Author Topic: RABHIT in the /var/log/messages log (Read 2232 times)

dynaweb

RABHIT in the /var/log/messages log

ctwjr

RABHIT in the /var/log/messages log