[Firewall] Still trouble? UDP as well

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Tue Mar 23 16:47:21 CET 2010


I see this happen too on my machines. AFAIK, it's just bots looking for 
crappy firewalls that allow (all) traffic with source port 53...

a.

Roland Haeder wrote:
> Hi all again,
> 
> also UDP connections, here DNS is being detected:
> ---------------------------------------------------
> Mar 19 15:52:31 firebox kernel: AIF:UNPRIV connect attempt: IN=ppp0 OUT= MAC= SRC=80.237.196.2 DST=94.220.139.245 LEN=59 TOS=0x00 PREC=0x00 TTL=54 ID=13468 PROTO=UDP SPT=53 DPT=63023 LEN=39 
> ---------------------------------------------------
> 
> The IP 80.237.196.2 is an entry in my resolv.conf:
> ---------------------------------------------------
> root@firebox:/etc/arno-iptables-firewall/plugins# grep 80.237.196.2 /etc/resolv.conf.open
> nameserver 80.237.196.2
> ---------------------------------------------------
> 
> 94.220.139.245 is my current (dynamic) IP.
> 
> Regards,
> Roland

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
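
The check done by hand in the quoted message (is the logged SRC one of the nameservers in resolv.conf?) can be run over a whole log. This is an added example, not part of the original thread or of arno-iptables-firewall; the function names and category labels are hypothetical, and only the first log line and the nameserver entry come from the message, the rest is constructed sample input.

```python
import re

# Netfilter LOG fields needed for this check (field names as in the quoted log line).
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# First line is from the thread; the other two are constructed samples
# using documentation address ranges.
SAMPLE_LOG = [
    "Mar 19 15:52:31 firebox kernel: AIF:UNPRIV connect attempt: IN=ppp0 OUT= MAC= "
    "SRC=80.237.196.2 DST=94.220.139.245 LEN=59 TOS=0x00 PREC=0x00 TTL=54 ID=13468 "
    "PROTO=UDP SPT=53 DPT=63023 LEN=39",
    "Mar 19 16:01:02 firebox kernel: AIF:UNPRIV connect attempt: IN=ppp0 OUT= MAC= "
    "SRC=192.0.2.10 DST=198.51.100.7 LEN=59 TOS=0x00 PREC=0x00 TTL=49 ID=1 "
    "PROTO=UDP SPT=53 DPT=40112 LEN=39",
    "Mar 19 16:05:40 firebox kernel: AIF:UNPRIV connect attempt: IN=ppp0 OUT= MAC= "
    "SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2 "
    "PROTO=TCP SPT=53 DPT=40113",
]
# Nameserver entry from the thread plus a constructed comment line.
SAMPLE_RESOLV = "# constructed sample\nnameserver 80.237.196.2\n"

def parse_nameservers(resolv_conf_text):
    """Return the set of nameserver addresses in resolv.conf-style text."""
    servers = set()
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.add(parts[1])
    return servers

def triage(log_lines, nameservers):
    """Group UDP source-port-53 log hits by whether SRC is a configured resolver."""
    result = {"configured_resolver": [], "other_source": []}
    for line in log_lines:
        f = dict(FIELD_RE.findall(line))
        if f.get("PROTO") != "UDP" or f.get("SPT") != "53":
            continue  # only the UDP/53 case discussed in the thread
        if "SRC" not in f or not f.get("DPT", "").isdigit():
            continue  # truncated or malformed line
        key = "configured_resolver" if f["SRC"] in nameservers else "other_source"
        result[key].append((f["SRC"], int(f["DPT"])))
    return result

if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG, parse_nameservers(SAMPLE_RESOLV)).items():
        print(key, hits)
```
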

