Is there DHCP knocking around? Believe 255.255.255.255 broadcasts used by it.
Rob ----- Original Message ----- From: "Paul Tod Rieger" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Sunday, October 08, 2000 4:17 PM Subject: IP fw-in deny eth0 UDP > What does someone do in order to produce these log messages? > Is it someone trying a UDP exploit? Or just someone with > a misconfigured system/application on my cable-modem (eth0) > network? (slink ipmasq'd firewall/router; eth1 internal LAN) > > Oct 6 23:17:50 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4412 255.255.255.255:47624 L=80 S=0x00 I=14054 F=0x0000 T=128 > Oct 6 23:17:55 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4413 255.255.255.255:47624 L=80 S=0x00 I=14055 F=0x0000 T=128 > Oct 6 23:18:00 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4414 255.255.255.255:47624 L=80 S=0x00 I=14056 F=0x0000 T=128 > > > and then 21 more: > > Oct 7 00:00:32 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4440 255.255.255.255:47624 L=80 S=0x00 I=14633 F=0x0000 T=128 > [...] > Oct 7 00:02:13 www kernel: IP fw-in deny eth0 UDP 127.0.0.1:4460 255.255.255.255:47624 L=80 S=0x00 I=14655 F=0x0000 T=128 > > Just curious.... I still seem to have root access. :-) > > Tod > abl.com
