Re: IP fw-in deny eth0 UDP
Is there DHCP knocking around? Believe 255.255.255.255 broadcasts used by
it.
Rob
----- Original Message -----
From: "Paul Tod Rieger" <prie@abl.com>
To: <debian-firewall@lists.debian.org>
Sent: Sunday, October 08, 2000 4:17 PM
Subject: IP fw-in deny eth0 UDP
> What does someone do in order to produce these log messages?
> Is it someone trying a UDP exploit? Or just someone with
> a misconfigured system/application on my cable-modem (eth0)
> network? (slink ipmasq'd firewall/router; eth1 internal LAN)
>
> Oct 6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412
255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128
> Oct 6 23:17:55 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4413
255.255.255.255:47624 L=80 S=0x00 I=14055 F=0x0000 T=128
> Oct 6 23:18:00 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4414
255.255.255.255:47624 L=80 S=0x00 I=14056 F=0x0000 T=128
>
>
> and then 21 more:
>
> Oct 7 00:00:32 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4440
255.255.255.255:47624 L=80 S=0x00 I=14633 F=0x0000 T=128
> [...]
> Oct 7 00:02:13 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4460
255.255.255.255:47624 L=80 S=0x00 I=14655 F=0x0000 T=128
>
> Just curious.... I still seem to have root access. :-)
>
> Tod
> abl.com
Reply to: