Re: Speaking of broadcasts, is this a security threat?

[Scott <nullified@penguinpowered.com>]


> > >
> > > Every few minutes I see the following show up in my log:
> > >
> > > Aug  8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4)
> > > Aug  8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=639 F=0x4000 T=1 (#4)
> > > Aug  8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4)
> > > Aug  8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17
> > > +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=639 F=0x4000 T=1 (#4)

It looks like (for the last line):
-This happened on Aug 8
-This happened at 00:49:40
-This happened on the "riseup" machine
-This packet came into the machine
-This packet was DENIED
-This packet came in on eth0
-This was a TCP packet
-This packet came from 10.0.0.1 with a return port of 1999
-This packet was addressed to 255.255.255.255 on port 1999
-This packet was 94 bytes long
-This packet had no type of service set
-This packet was set to not be a fragment
-This packet had a time to live of 1 hop

> > > Now if I interpret this correctly this means that my internal network
> > > interface is broadcasting protocol 1999 (which is like a kerberos thing? I
> > > dont know, I don't have kerberos installed, enabled or anything on my
> > > system) - but it seems to be blasting it out and I am trying to deny
> > > it. Is this actually something on my end that I need to tell to shutup, or
> > > is someone doing this to me? Either one, how can I make it stop??