[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IP fw-in deny eth0 UDP

"Robert Davies" <Rob_Davies@NTLWorld.Com> wrote:

> > Oct  6 23:17:50 www kernel: IP fw-in deny eth0 UDP
> > L=80 S=0x00 I=14054 F=0x0000 T=128
> Is there DHCP knocking around?  Believe broadcasts
> used by it.

Yes, I have seen BOOTP traffic.  However, these recent messages are
different in several ways:

1) the loopback address is used (before, it was various class C

2) the ports are 4412 and 47624 (before, they were the BOOTP ports 67 and

3) the port 4412 is actually incremented, up to 4460, like in a scan
(before, only the first, class C, IP address changed -- the ports stayed the

The only typical services I could find in that range were:

krb524            4444/udp   # Kerberos 5 to 4 ticket xlator
nv-video          4444/udp   # NV video


Reply to: