[Ilugc] IPTables Firewall Log
- From: binand@xxxxxxxxx (Binand Sethumadhavan)
- Date: Wed Mar 30 18:34:49 2005
On Wed, 30 Mar 2005 15:10:14 +0530, Ullas <browsingpark@xxxxxxxxx> wrote:
> I am running an IPTables Firewall. It logs the following into my log. Can
> someone tell me what this traffic is all about? How can I block this
> traffic?

Seems like someone traceroute'd to your server and then somebody else
tried to open a connection to an MS-SQL server - which didn't happen,
since you don't have an MS-SQL server I guess :)
Curious things:
1. The UDP packets could be a port scan, since they start very close
to 1024. All UDP traceroute programs I know use ports beyond 33000
or something.
2. Another reason to suspect portscan - the UDP packets are too big
(Unix traceroute uses 30-byte packets, here I see 483-byte packets).
3. The UDP TTL too is interesting - seems like an odd TCP/IP stack at
the remote end, or custom-made packets. You could try traceroute'ing
the other way and compare TTLs.
Binand
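
The three checks from the reply above (destination port range, packet size, TTL), applied to iptables LOG lines. This is an added example, not part of the original post: the log lines are constructed, the 60-byte size ceiling is an assumption, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format (not the poster's log).
SAMPLE_LOG = """\
Mar 30 14:01:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=483 TOS=0x00 PREC=0x00 TTL=117 ID=101 PROTO=UDP SPT=4001 DPT=1026 LEN=463
Mar 30 14:01:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=483 TOS=0x00 PREC=0x00 TTL=117 ID=102 PROTO=UDP SPT=4001 DPT=1027 LEN=463
Mar 30 14:02:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=30 TOS=0x00 PREC=0x00 TTL=1 ID=7 PROTO=UDP SPT=40000 DPT=33434 LEN=10
Mar 30 14:03:30 fw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=9 DF PROTO=TCP SPT=3200 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
"""

MIN_TRACEROUTE_DPT = 33000  # from the post: traceroute ports are "beyond 33000"
MAX_TRACEROUTE_LEN = 60     # assumption: ceiling well above the ~30-byte probes

def parse(line):
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        fields.setdefault(key, value)  # first LEN= is the IP length; UDP LEN= comes later
    return fields

def implied_hops(ttl):
    # Assumes the sender started from a common initial TTL (64, 128 or 255).
    return next(t for t in (64, 128, 255) if ttl <= t) - ttl

def classify_udp(log_text):
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") == "UDP":
            by_src[f["SRC"]].append((int(f["DPT"]), int(f["LEN"]), int(f["TTL"])))
    report = {}
    for src, pkts in by_src.items():
        reasons = []
        if any(dpt < MIN_TRACEROUTE_DPT for dpt, _, _ in pkts):
            reasons.append("destination ports below traceroute range")
        if any(length > MAX_TRACEROUTE_LEN for _, length, _ in pkts):
            reasons.append("packets larger than traceroute probes")
        report[src] = {
            "verdict": "possible port scan" if reasons else "consistent with traceroute",
            "reasons": reasons,
            # Hop count to compare against your own traceroute toward the source.
            "implied_hops": sorted({implied_hops(t) for _, _, t in pkts}) if reasons else [],
        }
    return report

if __name__ == "__main__":
    for src, result in classify_udp(SAMPLE_LOG).items():
        print(src, result)
```

If the implied hop count for a flagged source differs clearly from what a traceroute toward that source reports, that supports the odd-stack or crafted-packet reading in point 3.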