Re: Logcheck warning: UDP packet from outside my network?
On Fri, 04 Jun 2004 20:20:09 +0200, "Bojan Baros"
<bojan@blis.dyndns.org> wrote:
> Matthijs said:
> > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030
> > 2167/119 to 192.168.1.2:10768
> >
> > I'm not really interested in what these packets are for (I guess some
> > kind of worm/DoS related packets), but I'm more interested in the
> > source of the packets: 24.5.180.234 is *outside* my network.
> >
> > This Linux machine is located behind a hardware router with build-in
> > SPI firewall (Linksys WRT54G, in case you're interested). It should
> > prevent unwanted packets to uninteresting ports to enter my network.
> > I've just double-checked the port-forwarding section and packets to
> > 10768 or 10030 are definitely NOT forwarded.
> >
> > Can anybody explain what is going on here?
> >
>
> Try playing with nmap from another location.
Will ask a friend to do that, in the near future...
> It is common that firewalls do not block UDP packages because they are
> considered harmless, since they do not establish a connection. That is,
> until slammer came around.
That last sentence worries me a bit. What would you advice:
- Just ignore it & keep my software up to date;
- Add (another) firewall to my system, especially for UDP packets;
- Just add a firewall program to this Linux machine;
Anyway, thanks for the explanation!
--
Matthijs
vanaalten@hotmail.com
Reply to: