Snort Output v. Iptables Log


 



If I run snort, I get tons of these from a neighboring IP (I'm assuming
"dirty" Windows in contrast to anything malicious BTW).
----------------------------
[**] MISC UPnP malformed advertisement [**]
11/04-16:25:15.492306 151.202.17.22:1901 -> 239.255.255.250:1900
UDP TTL:150 TOS:0x0 ID:1 IpLen:20 DgmLen:355
Len: 327
---------------------------
None of these packets get logged by IPTables. To be sure, I added a
"kitchen sink" rule at the very top specific to the offending IP with no
parameters:

-A INPUT -s 151.202.17.22 -j LOG --log-prefix "Firewall: " --log-level debug --log-tcp-sequence --log-tcp-options --log-ip-options

Any ideas? What am I not understanding?
