Well, 53/udp is DNS traffic. So if you're not running a DNS server serving the internet, block it off. IIRC you're using ClarkConnect... surely it's got a firewall.
Not that it's any volume of traffic, really...

On Wed, 15 Oct 2008 21:00:56 +1300
[EMAIL PROTECTED] wrote:

> I've got a 7.8mb secure log with this stuff in it and not sure what I
> should do to sort it out?
>
> [EMAIL PROTECTED] log]# tail -f secure
> Oct 15 21:06:41 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 203.96.152.4:53 ->
> 121.73.114.171:58076
> Oct 15 21:06:41 bowenvale last message repeated 2 times
> Oct 15 21:06:41 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 71.174.101.194:61636 ->
> 121.73.114.171:25768
> Oct 15 21:06:43 bowenvale snort[21511]: [1:408:5] ICMP Echo Reply
> [Classification: Misc activity] [Priority: 3]: {ICMP} 69.90.141.108 ->
> 121.73.114.171
> Oct 15 21:06:47 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 203.96.152.4:53 ->
> 121.73.114.171:58076
> Oct 15 21:06:47 bowenvale last message repeated 2 times
> Oct 15 21:06:52 bowenvale sshd[21144]: Did not receive identification
> string from ::ffff:125.215.218.34
> Oct 15 21:06:53 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 71.241.249.210:51264 ->
> 121.73.114.171:37912
> Oct 15 21:06:53 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 71.225.114.13:17910 ->
> 121.73.114.171:37912
> Oct 15 21:06:53 bowenvale snort[21511]: [1:408:5] ICMP Echo Reply
> [Classification: Misc activity] [Priority: 3]: {ICMP} 69.90.141.108 ->
> 121.73.114.171
> Oct 15 21:06:55 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 71.174.101.194:61636 ->
> 121.73.114.171:25768
> Oct 15 21:06:55 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 71.241.246.81:3743 ->
> 121.73.114.171:25768
> Oct 15 21:06:56 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 129.186.194.160:52234 ->
> 121.73.114.171:37912
> Oct 15 21:06:56 bowenvale snort[21511]: [1:384:5] ICMP PING
> [Classification: Misc activity] [Priority: 3]: {ICMP} 209.80.45.41 ->
> 121.73.114.171
> Oct 15 21:06:57 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 71.174.101.194:61636 ->
> 121.73.114.171:25768
> Oct 15 21:06:58 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 132.206.121.52:9413 ->
> 121.73.114.171:25768
> Oct 15 21:07:01 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC
> Non-Standard IP protocol [Classification: Detection of a non-standard
> protocol or event] [Priority: 2]: {UDP} 71.174.101.194:61636 ->
> 121.73.114.171:25768
>
>
> Cheers Don
> --
> Don Gould
> 31 Acheson Ave, Mairehau, Christchurch, NZ
> Ph +64 3 348 7235 or + 64 21 114 0699
> www.thinkdesignprint.co.nz

--
Steve Holdoway <[EMAIL PROTECTED]>
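
A triage sketch for a log like the one quoted above (an added example, not part of either message): it tallies Snort syslog alerts by signature and source, folds in syslog's "last message repeated N times" lines, and totals the alerts coming from source port 53, the DNS traffic the reply refers to. The sample lines are taken from the quoted log with the e-mail line wrapping removed; the function names are this example's own.

```python
import re
from collections import Counter

# Snort alert as it appears in syslog:
#   snort[pid]: [gid:sid:rev] msg [Classification: ...] [Priority: n]: {PROTO} src -> dst
ALERT = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)
REPEAT = re.compile(r"last message repeated (\d+) times?")

def summarize(lines):
    """Count alerts per (sid, msg, proto, src), honouring syslog repeat lines."""
    counts = Counter()
    last_key = None
    for line in lines:
        m = ALERT.search(line)
        if m:
            last_key = (int(m["sid"]), m["msg"], m["proto"], m["src"])
            counts[last_key] += 1
            continue
        r = REPEAT.search(line)
        if r and last_key is not None:
            counts[last_key] += int(r.group(1))  # repeats belong to the previous alert
        else:
            last_key = None  # any other line (e.g. sshd) breaks the repeat chain
    return counts

def from_port(counts, port):
    """Total alerts whose source endpoint uses the given port (53 = DNS)."""
    return sum(n for (_, _, _, src), n in counts.items() if src.endswith(f":{port}"))

# Sample input: lines from the quoted log, unwrapped.
SAMPLE = """\
Oct 15 21:06:41 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC Non-Standard IP protocol [Classification: Detection of a non-standard protocol or event] [Priority: 2]: {UDP} 203.96.152.4:53 -> 121.73.114.171:58076
Oct 15 21:06:41 bowenvale last message repeated 2 times
Oct 15 21:06:43 bowenvale snort[21511]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 69.90.141.108 -> 121.73.114.171
Oct 15 21:06:52 bowenvale sshd[21144]: Did not receive identification string from ::ffff:125.215.218.34
Oct 15 21:06:53 bowenvale snort[21511]: [1:1620:5] BAD TRAFFIC Non-Standard IP protocol [Classification: Detection of a non-standard protocol or event] [Priority: 2]: {UDP} 71.241.249.210:51264 -> 121.73.114.171:37912
""".splitlines()

if __name__ == "__main__":
    counts = summarize(SAMPLE)
    for (sid, msg, proto, src), n in counts.most_common():
        print(f"{n:5d}  sid={sid:<5d} {proto:<4s} {src:<22s} {msg}")
    print("alerts from source port 53:", from_port(counts, 53))
```

To run it over the real file, pass `open("/var/log/secure")` to `summarize` instead of `SAMPLE`.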