OK, I'm baffled by this.  I have Roadrunner cable, which went
down for about a day.  When it came back up, I noticed my
LEAF-Bering (v1.0-stable) firewall was getting hit a lot on udp
port 1191 and it just hasn't stopped.  I've also got some other
hits that I just don't understand - take a look:


Jul 2 21:00:02 jericho kernel: Shorewall:net2all:DROP:IN=eth1
OUT= MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00
SRC=199.166.24.1 DST=66.56.165.39 LEN=56 TOS=0x00 PREC=0x00
TTL=236 ID=56933 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=66.56.165.39
DST=199.166.24.1 LEN=65 TOS=0x00 PREC=0x00 TTL=49 ID=60613
FRAG:64 PROTO=UDP ]


I don't understand the part that's in brackets.  My net interface
is eth1 at ip address 66.56.165.39.  My loc network is
192.168.1.0/24 and my dmz is 192.168.2.0/24.

And then here is a port 1191 hit:


Jul 2 21:03:27 jericho kernel: Shorewall:net2all:DROP:IN=eth1
OUT= MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00
SRC=66.227.182.56 DST=66.56.165.39 LEN=68 TOS=0x00 PREC=0x00
TTL=113 ID=24809 PROTO=UDP SPT=2034 DPT=1191 LEN=48


I tried setting udp1191 to reject (rather than drop), but then
hits started coming in on tcp1191!  I've also had a lot of
hits on udp3182, and when I tried rejecting those, they started
coming in on tcp3182 as well.  I just don't know what to make of
all this.  In the course of a day, I've been getting more than
3000 hits sometimes.  None of this, as far as I know, was
happening before the outage occurred.  Could this be some sort of
probe Roadrunner is doing?


Sincerely,
Jim Hubbard

              .--.
             |o_o |
             |:_/ |
            //   \ \
           (|     | )
          /'\_   _/`\
          \___)=(___/

Rockingham County Linux Users Group
        www.rock.lug.net
____________________________________
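
An added example, not part of the original post: a small parser for the two Shorewall log entries quoted above. The netfilter LOG target prints, in square brackets, the header of the original packet that an ICMP error message quotes, so the parser keeps the received packet and the quoted packet apart and tallies hits by protocol and port. The function names `fields`, `parse` and `tally` are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed input: the two log entries from the post, unwrapped to one line each.
SAMPLE = [
    "Jul 2 21:00:02 jericho kernel: Shorewall:net2all:DROP:IN=eth1 OUT= "
    "MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00 SRC=199.166.24.1 "
    "DST=66.56.165.39 LEN=56 TOS=0x00 PREC=0x00 TTL=236 ID=56933 DF "
    "PROTO=ICMP TYPE=3 CODE=3 [SRC=66.56.165.39 DST=199.166.24.1 LEN=65 "
    "TOS=0x00 PREC=0x00 TTL=49 ID=60613 FRAG:64 PROTO=UDP ]",
    "Jul 2 21:03:27 jericho kernel: Shorewall:net2all:DROP:IN=eth1 OUT= "
    "MAC=00:80:c6:fb:63:59:00:08:20:cc:8c:54:08:00 SRC=66.227.182.56 "
    "DST=66.56.165.39 LEN=68 TOS=0x00 PREC=0x00 TTL=113 ID=24809 "
    "PROTO=UDP SPT=2034 DPT=1191 LEN=48",
]

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)")
BRACKET = re.compile(r"\[(.*)\]")  # greedy, so a nested quoted header stays whole
FIELD = re.compile(r"(\w+)=(\S*)")  # bare flags such as DF and FRAG:64 are skipped

def fields(text):
    """KEY=value tokens as a dict; first occurrence wins (IP LEN before UDP LEN)."""
    out = {}
    for key, value in FIELD.findall(text):
        out.setdefault(key, value)
    return out

def parse(line):
    """Split one entry into the received packet and the packet quoted in brackets."""
    m = PREFIX.search(line)
    if not m:
        return None
    quoted = BRACKET.search(m["rest"])
    return {"chain": m["chain"], "action": m["action"],
            "outer": fields(BRACKET.sub("", m["rest"])),
            "embedded": fields(quoted.group(1)) if quoted else None}

def tally(lines):
    """Count hits per (protocol, destination port or ICMP type/code)."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        o = rec["outer"]
        what = o.get("DPT") or f"type {o.get('TYPE')} code {o.get('CODE')}"
        hits[(o.get("PROTO"), what)] += 1
    return hits
```

In the first entry `parse` reports the received packet as ICMP type 3 code 3 (destination unreachable, port unreachable) from 199.166.24.1, and the quoted packet as a UDP datagram from 66.56.165.39 to 199.166.24.1.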





