On Friday 2010-05-07 21:08, dhottinger@xxxxxxxxxxxxxxxxxxxxxx wrote: > I keep seeing this log message in my firewall logs: > May 7 15:05:12 firewall kernel: DROP IN=eth3 OUT= > MAC=00:80:c8:ca:9f:bb:00:0f:35:2e:81:a2:08:00 SRC=64.94.179.24 > DST=204.111.42.226 LEN=32 TOS=0x00 PREC=0x00 TTL=5 ID=2063 PROTO=UDP SPT=10495 > DPT=33444 LEN=12 > > The SRC address differs from time to time. Are these port scans? - low TTL - UDP payload of 4 bytes - linux udp traceroute defaults to 40 bytes of payload - nmap udp port scans default to 0 bytes Combine, Watson! :) -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html