Recently, logcheck alerted me to the following in my logs (sorry about the long lines): May 17 17:06:48 localhost pppd[789]: pppd 2.4.1 started by karl, uid 1000 May 17 17:07:14 localhost pppd[789]: Connect: ppp0 <--> /dev/modem May 17 17:07:14 localhost pppd[789]: Serial connection established. May 17 17:07:14 localhost pppd[789]: Using interface ppp0 May 17 17:07:16 localhost pppd[789]: local IP address 212.1.137.43 May 17 17:07:16 localhost pppd[789]: remote IP address 212.1.128.28 May 17 17:07:40 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12390 F=0x0000 T=50 (#29) May 17 17:07:56 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12391 F=0x0000 T=50 (#29) May 17 17:08:12 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12394 F=0x0000 T=50 (#29) May 17 17:08:30 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12395 F=0x0000 T=50 (#29) May 17 17:08:46 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12404 F=0x0000 T=50 (#29) May 17 17:08:46 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=96 S=0x00 I=12403 F=0x0000 T=50 (#29) But I am at loss to what port 500/udp is? By the timings, (starting 30 seconds after connecting to my ISP), it actually looks like my ISP is trying to send those packets to me (the source IP is the other endpoint of my ppp connection). Any ideas out there? Where I can I find an authoritative list of port numbers? -- Karl E. Jørgensen karl@jorgensen.com www.karl.jorgensen.com ==== Today's fortune: Always draw your curves, then plot your reading.
Attachment:
pgpqISM3bZFhJ.pgp
Description: PGP signature