I am a pretty fair newbie in internet security issues, use of iptables and so forth. But I already have been attacked by some variant of a worm that attacked certain ports on my system, slowing my internet connection etc. I noticed before certain udp checksum problems when that happened, and at the time (8.2) installed portsentry.
Anyhow, in grepping my last month's worth of logs, I noticed a few lines like:

Feb 3 14:38:35 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49
Feb 4 21:33:15 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49

These lines are very similar to log entries I got when that problem surfaced a couple of months ago. The only differences are the input and output ports. It seems much less rampant than the problem I experienced before.

Question - is this another variant - and what if any purpose do ports 1812 and 3530 serve?

Secondly, will the following command fix things? The intent is to block input access to port 1812.

$ iptables -A INPUT -p udp --dport 1812 -j DROP
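Added example, not part of the original post: a small shell function that tallies "UDP: bad checksum" kernel messages by source address and destination port, with first and last timestamps, so it is easy to see how often each sender shows up. The function names, the log path in the comment, and the sample lines marked as constructed are assumptions; the two 1812 lines are the ones quoted above.

```shell
#!/bin/sh
# Tally "UDP: bad checksum" kernel messages per (source address, destination port).
# Output columns: count  source_ip  dest_port  first_seen  last_seen
summarize_bad_checksums() {
    awk '
    /kernel: UDP: bad checksum\. From / {
        ts = $1 "_" $2 "_" $3                  # month_day_time from the syslog prefix
        for (i = 1; i <= NF; i++) {
            if ($i == "From" && $(i + 2) == "to") {
                split($(i + 1), src, ":")      # src[1] = source address
                split($(i + 3), dst, ":")      # dst[2] = destination port
                key = src[1] " " dst[2]
                count[key]++
                if (!(key in first)) first[key] = ts
                last[key] = ts
                break
            }
        }
    }
    END {
        for (k in count)
            printf "%d %s %s %s\n", count[k], k, first[k], last[k]
    }' | sort -rn
}

# Sample input: the two log lines from the post plus two constructed lines
# (an unrelated kernel message and a constructed sender on port 3530).
sample_log() {
    cat <<'EOF'
Feb 3 14:38:35 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49
Feb 3 14:40:02 m206-157 kernel: eth0: link up
Feb 4 21:33:15 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49
Feb 5 02:11:40 m206-157 kernel: UDP: bad checksum. From 192.0.2.77:4000 to 198.144.206.157:3530 ulen 49
EOF
}

# On a live system (log path is an assumption):
#   summarize_bad_checksums < /var/log/messages
sample_log | summarize_bad_checksums
```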
