Matthijs said: > Since a few days, Logcheck sometimes e-mails me the following warning: > > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030 > 2167/119 to 192.168.1.2:10768 > > I'm not really interested in what these packets are for (I guess some > kind of worm/DoS related packets), but I'm more interested in the > source of the packets: 24.5.180.234 is *outside* my network. > > This Linux machine is located behind a hardware router with build-in > SPI firewall (Linksys WRT54G, in case you're interested). It should > prevent unwanted packets to uninteresting ports to enter my network. > I've just double-checked the port-forwarding section and packets to > 10768 or 10030 are definitely NOT forwarded. > > Can anybody explain what is going on here? >
Try playing with nmap from another location. It is common that firewalls do not block UDP packages because they are considered harmless, since they do not establish a connection. That is, until slammer came around. Bojan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
