
Re: IP fw-in deny eth0 UDP



Is there DHCP knocking around?  I believe 255.255.255.255 broadcasts are used
by it.

Rob

----- Original Message -----
From: "Paul Tod Rieger" <prie@abl.com>
To: <debian-firewall@lists.debian.org>
Sent: Sunday, October 08, 2000 4:17 PM
Subject: IP fw-in deny eth0 UDP


> What does someone do in order to produce these log messages?
> Is it someone trying a UDP exploit?  Or just someone with
> a misconfigured system/application on my cable-modem (eth0)
> network?  (slink ipmasq'd firewall/router; eth1 internal LAN)
>
> Oct  6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128
> Oct  6 23:17:55 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4413 255.255.255.255:47624 L=80 S=0x00 I=14055 F=0x0000 T=128
> Oct  6 23:18:00 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4414 255.255.255.255:47624 L=80 S=0x00 I=14056 F=0x0000 T=128
>
>
> and then 21 more:
>
> Oct  7 00:00:32 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4440 255.255.255.255:47624 L=80 S=0x00 I=14633 F=0x0000 T=128
> [...]
> Oct  7 00:02:13 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4460 255.255.255.255:47624 L=80 S=0x00 I=14655 F=0x0000 T=128
>
> Just curious....  I still seem to have root access.  :-)
>
> Tod
> abl.com
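
The log lines quoted above can be triaged mechanically. The following is an added example, not part of either poster's message: it parses the kernel log format shown in the quote and flags a loopback source seen on a real interface, a limited-broadcast destination, and whether the UDP ports are the DHCP ones (67/68). The reading of L/S/I/F/T as length, TOS, IP ID, fragment field and TTL, and all function and label names, are this example's assumptions.

```python
import ipaddress
import re

# Constructed sample: three of the quoted log lines, with the wrapped halves rejoined.
SAMPLE = """\
Oct  6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128
Oct  6 23:17:55 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4413 255.255.255.255:47624 L=80 S=0x00 I=14055 F=0x0000 T=128
Oct  7 00:00:32 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4440 255.255.255.255:47624 L=80 S=0x00 I=14633 F=0x0000 T=128
"""

LINE_RE = re.compile(
    r"kernel: IP (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

DHCP_PORTS = {67, 68}  # BOOTP/DHCP server and client UDP ports
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    return rec


def classify(rec):
    """Return a list of findings (labels are this example's own) for one record."""
    findings = []
    # 127.0.0.0/8 should never appear as a source on a non-loopback interface.
    if ipaddress.ip_address(rec["src"]).is_loopback and rec["iface"] != "lo":
        findings.append("loopback-source-on-wire")
    if ipaddress.ip_address(rec["dst"]) == LIMITED_BROADCAST:
        findings.append("limited-broadcast")
    if rec["proto"] == "UDP" and {rec["sport"], rec["dport"]} & DHCP_PORTS:
        findings.append("dhcp-ports")
    return findings


def analyse(text):
    """Parse every matching line in text and pair it with its findings."""
    return [(rec, classify(rec)) for rec in map(parse_line, text.splitlines()) if rec]
```
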



