IP fw-in deny eth0 UDP

To: debian-firewall@lists.debian.org
Subject: IP fw-in deny eth0 UDP
From: Paul Tod Rieger <prie@abl.com>
Date: Sun, 8 Oct 2000 11:17:33 -0400
Message-id: <[🔎] E13iICj-0003vf-00@www.abl.com>

What does someone do in order to produce these log messages?
Is it someone trying a UDP exploit?  Or just someone with
a misconfigured system/application on my cable-modem (eth0)
network?  (slink ipmasq'd firewall/router; eth1 internal LAN)

Oct  6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128
Oct  6 23:17:55 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4413 255.255.255.255:47624 L=80 S=0x00 I=14055 F=0x0000 T=128
Oct  6 23:18:00 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4414 255.255.255.255:47624 L=80 S=0x00 I=14056 F=0x0000 T=128


and then 21 more:

Oct  7 00:00:32 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4440 255.255.255.255:47624 L=80 S=0x00 I=14633 F=0x0000 T=128
[...]
Oct  7 00:02:13 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4460 255.255.255.255:47624 L=80 S=0x00 I=14655 F=0x0000 T=128

Just curious....  I still seem to have root access.  :-)

Tod
abl.com

Reply to:

Follow-Ups:
- Re: IP fw-in deny eth0 UDP
  - From: "Robert Davies" <Rob_Davies@NTLWorld.Com>

Prev by Date: Re: port forward to MS Exchange IMAP
Next by Date: Re: IP fw-in deny eth0 UDP
Previous by thread: Re: port forward to MS Exchange IMAP
Next by thread: Re: IP fw-in deny eth0 UDP
Index(es):
- Date
- Thread