What does someone do in order to produce these log messages? Is it someone trying a UDP exploit? Or just someone with a misconfigured system/application on my cable-modem (eth0) network? (slink ipmasq'd firewall/router; eth1 internal LAN)
Oct 6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128 Oct 6 23:17:55 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4413 255.255.255.255:47624 L=80 S=0x00 I=14055 F=0x0000 T=128 Oct 6 23:18:00 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4414 255.255.255.255:47624 L=80 S=0x00 I=14056 F=0x0000 T=128 and then 21 more: Oct 7 00:00:32 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4440 255.255.255.255:47624 L=80 S=0x00 I=14633 F=0x0000 T=128 [...] Oct 7 00:02:13 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4460 255.255.255.255:47624 L=80 S=0x00 I=14655 F=0x0000 T=128 Just curious.... I still seem to have root access. :-) Tod abl.com
