Hm, thanks. # shorewall drop 77.247.156.58
I got tired looking at 77.247.156.58 cluttering my log. -----Original Message----- From: Wayne S [mailto:[email protected]] Sent: 21. mai 2013 19:36 To: Shorewall Users Subject: Re: [Shorewall-users] UDP 38 - my log is flooded At 5/21/2013 12:12 PM, you wrote: Hi all: I see a lot of these messages: ######################### May 19 06:25:54 munin kernel: [3093836.996827] Shorewall:net2fw:DROP:IN=eth0 OUT = MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32900 PROTO=UDP SPT=51327 DPT=38 LEN=56 May 19 06:27:03 munin kernel: [3093906.026783] Shorewall:net2fw:DROP:IN=eth0 OUT = MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32901 PROTO=UDP SPT=51327 DPT=38 LEN=56 May 19 06:28:12 munin kernel: [3093975.060379] Shorewall:net2fw:DROP:IN=eth0 OUT = MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32902 PROTO=UDP SPT=51327 DPT=38 LEN=56 ######################### At the time of writing 3096 entries and counting... I have filtered out my IP (DST=) UDP 38 is unknown to me and /etc/services did not give me a clue either. What's going on? Thanks - Øyvind Port 38 is Route Access Protocol - RAP, and someone may be trying to add a route to your firewall. Wayne ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
