[CLUE-Tech] MASSIVE UDP packets?
Brandon N
bneill at yahoo.com
Wed Sep 19 22:45:36 MDT 2001
> Here is a sample log entry:
> Sep 19 21:13:51 jumanji kernel: Packet log: input ACCEPT eth0
> PROTO=17
> 24.1.8.14:121 24.1.15.255:121 L=50 S=0x00 I=61766 F=0x0000 T=30 (#12)
It is a broadcast packet, as the "24.1.15.255" shows.
:121 shows the port, but I'm not aware of a service at port 121, it
isn't something standard, but could be related to something the user at
.14 is using.
I found this from IANA:
erpc 121/tcp Encore Expedited Remote Pro.Call
erpc 121/udp Encore Expedited Remote Pro.Call
I wouldn't worry about it too much, are they almost always coming from
the same machine?
Brandon
> My questions are many:
> 1. What is happening to the accepted packets?
> 2. Should I worry about this or is it a matter of turning off
> logging
> for the new input rule? (I did turn off logging for now to keep my
> syslog from using all file space)
> 3. While I was writing this email, it occurred to me that this may
> be
> a simple matter or 'normal' network traffic because I know that UDP
> packets are broadcast. Is this the case?
> 4. Are there other anomalies could explain the observations?
__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/
More information about the clue-tech
mailing list