I have a slink server which runs samba (smbd, nmdb), named, and xntpd as well as an IP masquerade for a bunch of internal windoz machines.
A few weeks ago I started getting bursts of UDP packets every 30 seconds or so which are rejected by the standard firewall and clog up my /var/log/messages file to the tune of several MB daily. Here's what they look like from 'dmesg': IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=64386 F=0x0000 T=128 (repeated many times) Here they are from /var/log/messages: Aug 1 11:27:37 myhostname kernel: IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=51847 F=0x0000 T=128 (repeated many times) Using 'tcpdump -i eth1 udp' I see: 11:33:01.485932 myexternalhostalias.ucook.com.1033 > 255.255.255.255.1478: udp 301 (repeated 12 more times in each burst) 'lsof' doesn't help me find out what started sending these, at least I can't figure it out. Does anyone know what sends these? Or know how to find out? Or how to get it to stop? Or just how to not clog the log?? Thanks, ml
