Thanks all. I should have dissected the log more. The mac= part
threw me. I was just scanning through my log files to find anything
that may account for a temporary disruption in connectivity. I've been
losing internet connectivity for something like 2 to 3 minutes once or
twice during the day. I mean absolutely no traffic to internet during
this time. Plus, whatever the issue is, it fixes itself in that 2 or
3 minutes. Can anyone think of anything that could cause this? I
realize this is probably not a netfilter issue at all. Just grepping
the brains of some network gurus.
thanks,
ddh
Quoting Jan Engelhardt <jengelh@xxxxxxxxxx>:
> On Friday 2010-05-07 21:08, dhottinger@xxxxxxxxxxxxxxxxxxxxxx wrote:
>> I keep seeing this log message in my firewall logs:
>> May 7 15:05:12 firewall kernel: DROP IN=eth3 OUT=
>> MAC=00:80:c8:ca:9f:bb:00:0f:35:2e:81:a2:08:00 SRC=64.94.179.24
>> DST=204.111.42.226 LEN=32 TOS=0x00 PREC=0x00 TTL=5 ID=2063
>> PROTO=UDP SPT=10495 DPT=33444 LEN=12
>> The SRC address differs from time to time. Are these port scans?
>
> - low TTL
> - UDP payload of 4 bytes
> - linux udp traceroute defaults to 40 bytes of payload
> - nmap udp port scans default to 0 bytes
> Combine, Watson! :)
--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
"Everything should be made as simple as possible, but not simpler."
-- Albert Einstein
"The hottest places in Hell are reserved for those who, in times of moral
crisis, preserved their neutrality."
-- Dante
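
Added example, not part of the original thread: a short Python parser for the netfilter LOG line quoted above. It splits the MAC= field into destination MAC, source MAC and EtherType, and checks the two clues from the reply (TTL and UDP payload size). The function names and the LOW_TTL cut-off are assumptions made for this example.

```python
import re

# The log line quoted in the thread, joined onto one line for parsing.
SAMPLE = ("May 7 15:05:12 firewall kernel: DROP IN=eth3 OUT= "
          "MAC=00:80:c8:ca:9f:bb:00:0f:35:2e:81:a2:08:00 SRC=64.94.179.24 "
          "DST=204.111.42.226 LEN=32 TOS=0x00 PREC=0x00 TTL=5 ID=2063 "
          "PROTO=UDP SPT=10495 DPT=33444 LEN=12")

UDP_HEADER = 8   # bytes; the UDP LEN field counts header plus payload
LOW_TTL = 16     # assumption: cut-off for "low" chosen for this example
TOOL_DEFAULTS = {40: "linux udp traceroute", 0: "nmap udp scan"}  # from the reply

def parse_log(line):
    """Return the KEY=value fields of a netfilter LOG line.
    LEN occurs twice for UDP (IP total length, then UDP length); keep both."""
    fields, lens = {}, []
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        if key == "LEN":
            lens.append(int(value))
        else:
            fields[key] = value
    fields["LENS"] = lens
    return fields

def split_mac(mac):
    """MAC= is the raw Ethernet header: dst MAC (6), src MAC (6), EtherType (2)."""
    octets = mac.split(":")
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:14])

def describe(line):
    """Summarise the fields the reply reasons about."""
    f = parse_log(line)
    dst_mac, src_mac, ethertype = split_mac(f["MAC"])
    ttl = int(f["TTL"])
    result = {"dst_mac": dst_mac, "src_mac": src_mac, "ethertype": ethertype,
              "ttl": ttl, "low_ttl": ttl < LOW_TTL,
              "udp_payload": None, "matches_default": None}
    if f["PROTO"] == "UDP" and len(f["LENS"]) == 2:
        payload = f["LENS"][1] - UDP_HEADER
        result["udp_payload"] = payload
        # None means the size matches neither tool default named in the reply.
        result["matches_default"] = TOOL_DEFAULTS.get(payload)
    return result

if __name__ == "__main__":
    for name, value in describe(SAMPLE).items():
        print(f"{name}: {value}")
```
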