On 24/01/12 15:53, Kevin Buckley wrote:
> Having recently restarted my local opensim server I find that the access port
> is attracting a huge volume of what seem to be port probes. On the console it
> looks like this:
>
> 15:18:27 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 109.170.204.74:10646:
> 15:18:27 - 23 5A 02 E3 2A F7 56 8B 79 D5 94 B4 26 78 C8 E2
> 2C 79 90 65 62 4D 2E 4E 9D CC 6B 89
>
> 15:20:34 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 86.164.18.198:57353:
> 15:20:34 - 24 F0 02 A6 11 7F 18 8B 79 D5 94 B6 28 22 ED 60
> BE 20 5A 4E 7F 9F 26 80 2F B6 C5 82
>
> 15:30:18 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 174.118.94.143:3320:
> 15:30:18 - BE B9 02 9B 16 04 46 A4 36 2E 93 97 3E 5C C3 DA
> 02 20 D2 DA 5F A1 07 69 7F B4 B6 05
>
> There are many hundreds of them throughout the day – often from the same
> source, often from a variety of sources. Leaving a port sniffer running
> (Wireshark) confirms that this is real. If I search on some of the IP
> addresses, some of them show up in Google as previous spambot or phishing
> sources.
>
> If I run ‘ShieldsUp’ it shows that the opensim port DOES respond if poked
> remotely.
>
> Has anyone seen this? Is it a problem?

This shouldn't be a problem since any such malformed packets are thrown away. However, I can see where constant ERROR messages about this could get annoying.


> I would have thought that it would be better for the Opensim access port to
> be stealthy unless it receives a valid UDP packet?

I don't believe you can selectively open a port short of port-knocking. And that would be impossible for every single UDP packet.

--
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc
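
To see how many distinct sources are behind the console noise discussed in this thread, the logged entries can be tallied offline. This is an added example, not part of the original messages or of OpenSimulator's code; the function names are hypothetical, the line format is the one in the console excerpt quoted above, and the sample addresses are documentation ranges.

```python
import re
from collections import Counter

# Header format taken from the console excerpt quoted in the thread.
HEADER = re.compile(r"^(\d\d:\d\d:\d\d) - \[LLUDPSERVER\]: Malformed data, "
                    r"cannot parse (\d+) byte packet from ([\d.]+):(\d+):$")
# Hex dump line; only the first line of a dump carries a timestamp.
HEXLINE = re.compile(r"^(?:\d\d:\d\d:\d\d - )?((?:[0-9A-Fa-f]{2} ?)+)$")

def parse_malformed(lines):
    """Return one dict per logged packet, with the hex dump reassembled."""
    events, current = [], None
    for raw in lines:
        line = raw.strip()
        head, dump = HEADER.match(line), HEXLINE.match(line)
        if head:
            current = {"time": head.group(1), "declared": int(head.group(2)),
                       "ip": head.group(3), "port": int(head.group(4)),
                       "payload": b""}
            events.append(current)
        elif dump and current is not None:
            current["payload"] += bytes.fromhex(dump.group(1))
        elif line:
            current = None  # any other console line ends the current dump
    return events

def summarize(events):
    """Packets per source IP, plus entries whose dump length differs from the header."""
    per_ip = Counter(e["ip"] for e in events)
    incomplete = [e for e in events if len(e["payload"]) != e["declared"]]
    return per_ip, incomplete

# Sample: payloads from the post; addresses replaced with documentation
# ranges; the unrelated line and the cut-off third entry are constructed.
SAMPLE = """\
15:18:27 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 192.0.2.10:10646:
15:18:27 - 23 5A 02 E3 2A F7 56 8B 79 D5 94 B4 26 78 C8 E2
2C 79 90 65 62 4D 2E 4E 9D CC 6B 89
15:19:02 - (constructed) unrelated console line
15:20:34 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 198.51.100.7:57353:
15:20:34 - 24 F0 02 A6 11 7F 18 8B 79 D5 94 B6 28 22 ED 60
BE 20 5A 4E 7F 9F 26 80 2F B6 C5 82
15:21:10 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 192.0.2.10:10646:
15:21:10 - 23 5A 02 E3 2A F7 56 8B 79 D5 94 B4 26 78 C8 E2
""".splitlines()

if __name__ == "__main__":
    per_ip, incomplete = summarize(parse_malformed(SAMPLE))
    for ip, count in per_ip.most_common():
        print(f"{ip}: {count} malformed packet(s)")
    for e in incomplete:
        print(f"{e['time']} {e['ip']}: dump has {len(e['payload'])} of {e['declared']} bytes")
```
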