[PLUG] iptables firewalling...

plug_0 at robinson-west.com
Mon Sep 4 18:41:01 UTC 2006


Here is the excerpt of interest:

Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17852 PROTO=UDP
SPT=45604 DPT=1025 LEN=695
Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17853 PROTO=UDP
SPT=45604 DPT=1026 LEN=695
Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17855 PROTO=UDP
SPT=45604 DPT=1028 LEN=695
Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17856 PROTO=UDP
SPT=45604 DPT=1029 LEN=695
Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
DST=209.210.202.174 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=10446 PROTO=UDP
SPT=45604 DPT=1025 LEN=695

I'm assuming these probes that are getting blocked are attempts to connect
to services that don't exist.  Do I ever need to allow an Internet host
to connect from an unprivileged udp port to my server?  Should I only log
attempts to connect to/from a privileged >1024 udp port?

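Added example, not part of the original post: a Python parser for the netfilter LOG entries quoted above that groups dropped packets by source, showing that all five come from one source address and port and hit UDP ports 1025, 1026, 1028 and 1029 across two destination addresses. The function names and the `min_targets` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The five entries quoted in the post, rebuilt one per line (they differ only
# in DST, ID and DPT).
_ENTRY = ("Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT= "
          "MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186 "
          "DST={dst} LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID={ipid} PROTO=UDP "
          "SPT=45604 DPT={dpt} LEN=695")
SAMPLE = [_ENTRY.format(dst="209.210.202." + h, ipid=i, dpt=p)
          for h, i, p in [("172", 17852, 1025), ("172", 17853, 1026),
                          ("172", 17855, 1028), ("172", 17856, 1029),
                          ("174", 10446, 1025)]]

_FIELD = re.compile(r"(\w+)=(\S*)")  # value may be empty, as in "OUT="

def parse_entry(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in _FIELD.findall(line):
        # LEN occurs twice (IP total length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields

def summarize(lines):
    """Group logged packets by (SRC, PROTO, SPT) and collect what each hit."""
    flows = defaultdict(lambda: {"count": 0, "targets": set()})
    for line in lines:
        f = parse_entry(line)
        if not {"SRC", "DST", "PROTO"} <= f.keys():
            continue  # not a packet log line
        flow = flows[(f["SRC"], f["PROTO"], f.get("SPT"))]
        flow["count"] += 1
        # ICMP and similar entries carry no DPT; record None for the port.
        flow["targets"].add((f["DST"], int(f["DPT"]) if "DPT" in f else None))
    return dict(flows)

def sweeps(flows, min_targets=3):
    """Sources that hit at least min_targets distinct (address, port) pairs."""
    return [k for k, v in flows.items() if len(v["targets"]) >= min_targets]

if __name__ == "__main__":
    for key, flow in summarize(SAMPLE).items():
        print(key, flow["count"], sorted(flow["targets"]))
    print("sweeps:", sweeps(summarize(SAMPLE)))
```
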