Re: IP fw-in deny eth0 UDP
"Robert Davies" <Rob_Davies@NTLWorld.Com> wrote:
> > Oct 6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412
> > 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128
>
> Is there DHCP knocking around? Believe 255.255.255.255 broadcasts
> used by it.
Yes, I have seen BOOTP traffic. However, these recent messages are
different in several ways:
1) the loopback address 127.0.0.1 is used (before, it was various class C
IPs)
2) the ports are 4412 and 47624 (before, they were the BOOTP ports 67 and
68)
3) the port 4412 is actually incremented, up to 4460, like in a scan
(before, only the first, class C, IP address changed -- the ports stayed the
same)
The only typical services I could find in that range were:
krb524 4444/udp # Kerberos 5 to 4 ticket xlator
nv-video 4444/udp # NV video
Tod
abl.com
Reply to: