Hi all, I have a query for you all. The ISP where my firewall and servers reside has a number of machines that are broadcasting UDP packets (port 2301) across the network (as seen below):

17 5 Aug 6 04:26:02 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.
17 5 Aug 6 04:26:05 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.
17 5 Aug 6 04:26:11 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.
17 5 Aug 6 04:26:22 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.
17 5 Aug 6 04:26:23 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.
17 5 Aug 6 04:26:34 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.
17 5 Aug 6 04:26:36 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.
17 5 Aug 6 04:26:38 FILTER: Remote access filter blocks: UDP bcast xl0 [x.x.x.x/2301]->[255.255.255.255/2301] l=12.

The service on port 2301 appears to be a "Compaq Web-based Management" service. These machines are not under my control and are sending these packets every few minutes. I believe that there is a possible security risk involved here (which you may be able to clarify), not for my machines in specific, but possibly other machines not behind the firewall at the ISP. This service is external facing and anyone can access it! This Compaq web service does not exist on any of my equipment, so there is no issue with respect to that.

Now, here's the question... My log files are growing extremely large as a result of this frequent occurrence. Is there a way to temporarily stop the firewall from logging the rejection of these *specific* packets? I am not saying I want to allow them through the firewall, just that I do not want them logged, as I may be missing more important warnings due to the massive log files.

As usual, all comments / observations are fully appreciated.

TIA,
Gerald.
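
Added example, not part of the original post and not a firewall setting: a log-side filter that collapses the blocked UDP broadcasts to port 2301 into per-source counts so the remaining entries stay readable. The field layout is inferred from the log lines above, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Layout inferred from the log lines in the post (assumption):
# "... UDP bcast <iface> [src/sport]->[255.255.255.255/dport] l=<len>."
BCAST_BLOCK = re.compile(
    r"FILTER: Remote access filter blocks: UDP bcast \S+ "
    r"\[(?P<src>[^/\]]+)/(?P<sport>\d+)\]->\[255\.255\.255\.255/(?P<dport>\d+)\]"
)

def triage(lines, noisy_ports=(2301,)):
    """Return (kept_lines, suppressed) where suppressed counts blocked UDP
    broadcasts to the noisy destination ports, keyed by (source, port).
    Every other line, including broadcasts to other ports, is kept as-is."""
    kept, suppressed = [], Counter()
    for line in lines:
        m = BCAST_BLOCK.search(line)
        if m and int(m.group("dport")) in noisy_ports:
            suppressed[(m.group("src"), int(m.group("dport")))] += 1
        else:
            kept.append(line)
    return kept, suppressed

# Constructed sample in the post's format; 192.0.2.0/24 is a documentation range.
PREFIX = "FILTER: Remote access filter blocks: UDP bcast xl0 "
SAMPLE = [
    "17 5 Aug 6 04:26:02 " + PREFIX + "[192.0.2.10/2301]->[255.255.255.255/2301] l=12.",
    "17 5 Aug 6 04:26:05 " + PREFIX + "[192.0.2.11/2301]->[255.255.255.255/2301] l=12.",
    "17 5 Aug 6 04:26:09 " + PREFIX + "[192.0.2.20/137]->[255.255.255.255/137] l=50.",
    "17 5 Aug 6 04:26:11 " + PREFIX + "[192.0.2.10/2301]->[255.255.255.255/2301] l=12.",
    "17 5 Aug 6 04:26:22 " + PREFIX + "[192.0.2.10/2301]->[255.255.255.255/2301] l=12.",
]

if __name__ == "__main__":
    kept, suppressed = triage(SAMPLE)
    for line in kept:
        print(line)
    # The counts keep the noise visible, so a change in its rate or a new
    # source still shows up even though the individual lines are hidden.
    for (src, port), n in sorted(suppressed.items()):
        print(f"[summary] {n} blocked UDP broadcasts from {src} to port {port}")
```

The firewall still blocks and logs everything; only the view of the log changes.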
