
Re: IP fw-in deny eth0 UDP



"Robert Davies" <Rob_Davies@NTLWorld.Com> wrote:

> > Oct  6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412
> > 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128
>
> Is there DHCP knocking around?  Believe 255.255.255.255 broadcasts
> used by it.

Yes, I have seen BOOTP traffic.  However, these recent messages are
different in several ways:

1) the loopback address 127.0.0.1 is used (before, it was various class C
IPs)

2) the ports are 4412 and 47624 (before, they were the BOOTP ports 67 and
68)

3) the port 4412 is actually incremented, up to 4460, like in a scan
(before, only the first, class C, IP address changed -- the ports stayed the
same)


The only typical services I could find in that range were:

krb524            4444/udp   # Kerberos 5 to 4 ticket xlator
nv-video          4444/udp   # NV video

Tod
abl.com
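The observations listed in the message above (a loopback source arriving on eth0, and a source port that steps upward against a fixed destination) can be checked mechanically over the kernel log. This is an added example, not part of the original message; the function names, the `min_run` threshold, and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the kernel firewall log format quoted in the message above.
LINE_RE = re.compile(
    r"IP fw-in (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse(line):
    """Return the fields of one firewall log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def analyze(lines, min_run=3):
    """Return (martians, stepping): loopback sources seen off 'lo', and flows whose source port keeps rising."""
    martians, by_flow = [], defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        # 127.0.0.0/8 must never arrive on a real interface; treat it as spoofed or misconfigured.
        if rec["iface"] != "lo" and ipaddress.ip_address(rec["src"]).is_loopback:
            martians.append(rec)
        by_flow[(rec["src"], rec["dst"], rec["dport"])].append(rec["sport"])
    stepping = {}
    for key, seq in by_flow.items():
        # A strictly increasing source port against one destination is the pattern described above.
        if len(seq) >= min_run and all(b > a for a, b in zip(seq, seq[1:])):
            stepping[key] = (seq[0], seq[-1])
    return martians, stepping

# First line is the one quoted in the message; the rest are constructed sample data.
SAMPLE = [
    "Oct  6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128",
    "Oct  6 23:17:51 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4413 255.255.255.255:47624 L=80 S=0x00 I=14055 F=0x0000 T=128",
    "Oct  6 23:17:52 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4414 255.255.255.255:47624 L=80 S=0x00 I=14056 F=0x0000 T=128",
    "Oct  6 23:18:10 www kernel: IP fw-in deny eth0 UDP 192.0.2.10:68 255.255.255.255:67 L=328 S=0x00 I=100 F=0x0000 T=128",
    "Oct  6 23:18:40 www kernel: IP fw-in deny eth0 UDP 192.0.2.11:68 255.255.255.255:67 L=328 S=0x00 I=101 F=0x0000 T=128",
]

if __name__ == "__main__":
    martians, stepping = analyze(SAMPLE)
    print("loopback sources on a non-loopback interface:", len(martians))
    print("flows with stepping source port:", stepping)
```

The BOOTP-style lines (ports 68 to 67, one packet per source) are parsed but not flagged, which separates them from the loopback-sourced entries.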



