Re: IP fw-in deny eth0 UDP

To: <debian-firewall@lists.debian.org>
Subject: Re: IP fw-in deny eth0 UDP
From: "Paul Tod Rieger" <prie@abl.com>
Date: Mon, 9 Oct 2000 17:06:36 -0400
Message-id: <[🔎] 005001c03234$cf4ea5a0$0404a8c0@abl.com>
References: <[🔎] 20001009173852.21705.qmail@erich.xmldesign.de>

<erich.schubert@mucl.de> wrote:

>> > Oct  6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412
>> > 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128
>
>So my conclusion is:
>
>It's a message from a forged ip address (or a seriously
>mißconfigured system) broadcasting to port 47624
>
>Broadcasts should usually be only intra-net.
>Broadcasts from outside ("directed broadcasts") should be
>blocked by your internet router. (to prevent abuse of your
>network for smurf'ing etc.) Check if this broadcast could come
>from outside or if it has to come from inside your network.

eth0 -- shared cable-modem /24 subnet
eth1 -- shared internal 192.168 subnet

So, the packets probably came from one of the other 250+ customers on the
cable-modem subnet -- not from just anywhere on the Internet because those
attempts would have been stopped by the cable's router.

So, one of my "neighbors" is manufacturing packets.  Cute.

Thanks for the info!

Tod
abl.com

Reply to:

References:
- Re: IP fw-in deny eth0 UDP
  - From: erich.schubert@mucl.de

Prev by Date: Re: NTP secure
Next by Date: Re: NTP secure
Previous by thread: Re: IP fw-in deny eth0 UDP
Next by thread: Redirecting (is that the word)?
Index(es):
- Date
- Thread