Re: Logcheck warning: UDP packet from outside my network?

To: debian-user@lists.debian.org
Subject: Re: Logcheck warning: UDP packet from outside my network?
From: "Bojan Baros" <bojan@blis.dyndns.org>
Date: Fri, 4 Jun 2004 14:14:51 -0400 (EDT)
Message-id: <[🔎] 2439.67.129.126.4.1086372891.squirrel@67.129.126.4>
In-reply-to: <[🔎] mc81c0p8uplkuovt2fc8ledr7pokfhek8r@4ax.com>
References: <[🔎] mc81c0p8uplkuovt2fc8ledr7pokfhek8r@4ax.com>

Matthijs said:
> Since a few days, Logcheck sometimes e-mails me the following warning:
>
> Jun  4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030
> 2167/119 to 192.168.1.2:10768
>
> I'm not really interested in what these packets are for (I guess some
> kind of worm/DoS related packets), but I'm more interested in the
> source of the packets: 24.5.180.234 is *outside* my network.
>
> This Linux machine is located behind a hardware router with build-in
> SPI firewall (Linksys WRT54G, in case you're interested). It should
> prevent unwanted packets to uninteresting ports to enter my network.
> I've just double-checked the port-forwarding section and packets to
> 10768 or 10030 are definitely NOT forwarded.
>
> Can anybody explain what is going on here?
>

Try playing with nmap from another location.

It is common that firewalls do not block UDP packages because they are
considered harmless, since they do not establish a connection.  That is,
until slammer came around.

Bojan

Reply to:

Follow-Ups:
- Re: Logcheck warning: UDP packet from outside my network?
  - From: Matthijs <vanaalten@hotmail.com>

References:
- Logcheck warning: UDP packet from outside my network?
  - From: Matthijs <vanaalten@hotmail.com>

Prev by Date: Re: Starting Spamassassin?
Next by Date: RE: Backup to CD-RW
Previous by thread: Re: Logcheck warning: UDP packet from outside my network?
Next by thread: Re: Logcheck warning: UDP packet from outside my network?
Index(es):
- Date
- Thread