Probably not the right place to ask, but on my server in Italy I'm getting a large number of packets from random addresses, but all on port 55460, e.g. today's logwatch had

----------------------------------
Dropped 34698 packets on interface eth0
   From 1.11.233.123 - 1 packet to udp(55460)
   From 1.23.134.180 - 1 packet to udp(55460)
   ...
----------------------------------

Yesterday

----------------------------------
Dropped 32960 packets on interface eth0
   From 1.22.16.115 - 1 packet to udp(55460)
   From 1.22.30.108 - 1 packet to udp(55460)
   ...
---------------------------------

I'm running shorewall on this CentOS-5.6 machine, and also fail2ban. I'm using a Billion 5200 modem/router to connect my server to the internet. I probably could do something on this to stop the packets before they get to the server, but would this be worthwhile? I haven't tried programming the Billion at all.

Also, does the port 55460 signify anything?

Finally, is there anything more that I could or should do in shorewall? At present I have

---------------------------------
#
# Policies for traffic originating from the Internet zone (net)
#
net     $FW     DROP    info
net     loc     DROP    info
net     all     DROP    info
---------------------------------

in /etc/shorewall/policy.

Any suggestions gratefully received.

-- 
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
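
An added example, not part of the original post: a small Python summarizer for logwatch dropped-packet lines in the layout quoted above, grouping by destination port to show how many distinct sources hit each port and how much each one sent. The sample input is constructed, and the function names and the thresholds in `spread` are illustrative assumptions.

```python
import re
from collections import defaultdict

# Line layout taken from the logwatch excerpt in the post; one port per line
# is an assumption, and lines in any other shape are ignored.
LINE = re.compile(r"From (\S+) - (\d+) packets? to (\w+)\((\d+)\)")

# Constructed sample (documentation address ranges), not the poster's log.
SAMPLE = """\
Dropped 9 packets on interface eth0
   From 192.0.2.10 - 1 packet to udp(55460)
   From 192.0.2.77 - 1 packet to udp(55460)
   From 198.51.100.4 - 1 packet to udp(55460)
   From 198.51.100.200 - 1 packet to udp(55460)
   From 203.0.113.9 - 5 packets to tcp(22)
"""

def summarize(text):
    """Per (proto, port): distinct sources, total packets, largest per-source count."""
    per_source = defaultdict(lambda: defaultdict(int))
    for m in LINE.finditer(text):
        src, count, proto, port = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        per_source[(proto, port)][src] += count
    return {
        key: {"sources": len(srcs),
              "packets": sum(srcs.values()),
              "max_per_source": max(srcs.values())}
        for key, srcs in per_source.items()
    }

def spread(stats, min_sources=4, max_each=2):
    """Label a port 'many-sources' when many hosts each send very little."""
    if stats["sources"] >= min_sources and stats["max_per_source"] <= max_each:
        return "many-sources"
    return "few-sources"

def report(text):
    """One line per port, busiest first."""
    rows = sorted(summarize(text).items(), key=lambda kv: -kv[1]["packets"])
    return [f"{proto}/{port}: {s['packets']} packets from {s['sources']} source(s) ({spread(s)})"
            for (proto, port), s in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Because the regex is applied with `finditer`, the same functions work on a logwatch mail whose line breaks have been lost.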
