* What about these packets?
@ 2005-01-29  2:29 Mohammad Khan
  2005-01-29  2:43 ` Jason Opperisano
  0 siblings, 1 reply; 4+ messages in thread
From: Mohammad Khan @ 2005-01-29  2:29 UTC (permalink / raw)
  To: netfilter

two rules in my INPUT chains are:
-A INPUT -s 63.110.21.51 -m state --state NEW -j LOG --log-prefix "PLAYNC_NEW " --log-level debug
-A INPUT -s 63.110.21.51 -m state --state NEW -j DROP

My router is keeping the following logs

Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=775 PROTO=UDP SPT=14339
DPT=33438 LEN=12
Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=1031 PROTO=UDP SPT=14339
DPT=33440 LEN=12
Jan 28 18:32:51 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=776 PROTO=UDP SPT=14339
DPT=33438 LEN=12
Jan 28 18:32:51 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=1032 PROTO=UDP SPT=14339
DPT=33440 LEN=12
Jan 28 18:32:56 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=776 PROTO=UDP SPT=14339
DPT=33438 LEN=12
Jan 28 18:32:56 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=1032 PROTO=UDP SPT=14339
DPT=33440 LEN=12
Jan 28 18:33:01 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=3 ID=777 PROTO=UDP SPT=14339
DPT=33438 LEN=12


I have replaced my original IP with x.x.x.x
What can I say about these packets?
Please let me learn more details about this packet.

Mohammad






* Re: What about these packets?
  2005-01-29  2:29 What about these packets? Mohammad Khan
@ 2005-01-29  2:43 ` Jason Opperisano
  2005-01-29  2:50   ` Mohammad Khan
  0 siblings, 1 reply; 4+ messages in thread
From: Jason Opperisano @ 2005-01-29  2:43 UTC (permalink / raw)
  To: netfilter

On Fri, 2005-01-28 at 21:29, Mohammad Khan wrote:
> two rules in my INPUT chains are:
> -A INPUT -s 63.110.21.51 -m state --state NEW -j LOG --log-prefix "PLAYNC_NEW " --log-level debug
> -A INPUT -s 63.110.21.51 -m state --state NEW -j DROP
> 
> My router is keeping the following logs
> 
> Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=775 PROTO=UDP SPT=14339
> DPT=33438 LEN=12
> Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=1031 PROTO=UDP SPT=14339
> DPT=33440 LEN=12
> Jan 28 18:32:51 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=776 PROTO=UDP SPT=14339
> DPT=33438 LEN=12
> Jan 28 18:32:51 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=1032 PROTO=UDP SPT=14339
> DPT=33440 LEN=12
> Jan 28 18:32:56 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=776 PROTO=UDP SPT=14339
> DPT=33438 LEN=12
> Jan 28 18:32:56 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=1032 PROTO=UDP SPT=14339
> DPT=33440 LEN=12
> Jan 28 18:33:01 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=3 ID=777 PROTO=UDP SPT=14339
> DPT=33438 LEN=12
> 
> 
> I have replaced my original IP with x.x.x.x
> What can I say about these packets?
> Please let me learn more details about this packet.

judging from the destination UDP ports and the TTL--i would say that
they are traceroute packets.

-j

--
"What's the point of going out, we're just going to end up back
 here anyway?"
	--The Simpsons
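
The check described in the reply above (destination UDP port plus TTL), applied to netfilter LOG lines, as an added example that is not part of the original thread. The port range width and the TTL cutoff are assumptions, and the last sample line is constructed for contrast:

```python
import re
from collections import defaultdict

# Classic UDP traceroute probes start at port 33434 and count upward; the
# range width and the received-TTL cutoff are assumptions for this example.
TRACEROUTE_PORTS = range(33434, 33535)
MAX_PROBE_TTL = 30
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# First four lines: entries from the thread with the mail wrapping joined.
# Last line: constructed non-traceroute packet for contrast.
SAMPLE_LOG = """\
Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT= MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51 DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=775 PROTO=UDP SPT=14339 DPT=33438 LEN=12
Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT= MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51 DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=1031 PROTO=UDP SPT=14339 DPT=33440 LEN=12
Jan 28 18:32:51 stingray kernel: PLAYNC_NEW IN=eth0 OUT= MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51 DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=776 PROTO=UDP SPT=14339 DPT=33438 LEN=12
Jan 28 18:33:01 stingray kernel: PLAYNC_NEW IN=eth0 OUT= MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51 DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=3 ID=777 PROTO=UDP SPT=14339 DPT=33438 LEN=12
Jan 28 18:33:05 stingray kernel: IN=eth0 OUT= MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=192.0.2.10 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 PROTO=UDP SPT=40000 DPT=53 LEN=40
"""

def parse_line(line):
    """Fields of one netfilter LOG line; first value wins (IP LEN, not UDP LEN)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields

def is_traceroute_probe(pkt):
    """UDP, traceroute-range destination port, low TTL on arrival."""
    try:
        return ("SRC" in pkt and pkt.get("PROTO") == "UDP"
                and int(pkt["DPT"]) in TRACEROUTE_PORTS
                and int(pkt["TTL"]) <= MAX_PROBE_TTL)
    except (KeyError, ValueError):
        return False

def summarize(log_text):
    """Map each source address to the TTLs and ports of its probes."""
    seen = defaultdict(lambda: {"ttls": set(), "ports": set()})
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if is_traceroute_probe(pkt):
            seen[pkt["SRC"]]["ttls"].add(int(pkt["TTL"]))
            seen[pkt["SRC"]]["ports"].add(int(pkt["DPT"]))
    return {src: {"ttls": sorted(v["ttls"]), "ports": sorted(v["ports"])}
            for src, v in seen.items()}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, "TTLs", info["ttls"], "ports", info["ports"])
```
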




* Re: What about these packets?
  2005-01-29  2:43 ` Jason Opperisano
@ 2005-01-29  2:50   ` Mohammad Khan
  2005-01-29  7:55     ` Frank Gruellich
  0 siblings, 1 reply; 4+ messages in thread
From: Mohammad Khan @ 2005-01-29  2:50 UTC (permalink / raw)
  To: Jason Opperisano; +Cc: netfilter

On Fri, 2005-01-28 at 21:43 -0500, Jason Opperisano wrote:
> On Fri, 2005-01-28 at 21:29, Mohammad Khan wrote:
> > two rules in my INPUT chains are:
> > -A INPUT -s 63.110.21.51 -m state --state NEW -j LOG --log-prefix "PLAYNC_NEW " --log-level debug
> > -A INPUT -s 63.110.21.51 -m state --state NEW -j DROP
> > 
> > My router is keeping the following logs
> > 
> > Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> > MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> > DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=775 PROTO=UDP SPT=14339
> > DPT=33438 LEN=12
> > Jan 28 18:32:46 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> > MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> > DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=1 ID=1031 PROTO=UDP SPT=14339
> > DPT=33440 LEN=12
> > Jan 28 18:32:51 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> > MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> > DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=776 PROTO=UDP SPT=14339
> > DPT=33438 LEN=12
> > Jan 28 18:32:51 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> > MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> > DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=1032 PROTO=UDP SPT=14339
> > DPT=33440 LEN=12
> > Jan 28 18:32:56 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> > MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> > DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=776 PROTO=UDP SPT=14339
> > DPT=33438 LEN=12
> > Jan 28 18:32:56 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> > MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> > DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=2 ID=1032 PROTO=UDP SPT=14339
> > DPT=33440 LEN=12
> > Jan 28 18:33:01 stingray kernel: PLAYNC_NEW IN=eth0 OUT=
> > MAC=00:c0:26:63:47:f5:00:90:1a:40:a2:9f:08:00 SRC=63.110.21.51
> > DST=x.x.x.x LEN=32 TOS=0x00 PREC=0x20 TTL=3 ID=777 PROTO=UDP SPT=14339
> > DPT=33438 LEN=12
> > 
> > 
> > I have replaced my original IP with x.x.x.x
> > What can I say about these packets?
> > Please let me learn more details about this packet.
> 
> judging from the destination UDP ports and the TTL--i would say that
> they are traceroute packets.
> 
> -j


My log file is full of this shit.
Are they doing traceroute all day long??



> 
> --
> "What's the point of going out, we're just going to end up back
>  here anyway?"
> 	--The Simpsons
> 
> 




* Re: What about these packets?
  2005-01-29  2:50   ` Mohammad Khan
@ 2005-01-29  7:55     ` Frank Gruellich
  0 siblings, 0 replies; 4+ messages in thread
From: Frank Gruellich @ 2005-01-29  7:55 UTC (permalink / raw)
  To: netfilter

* Mohammad Khan <mkhan@lextranet.com> 28. Jan 05:
> On Fri, 2005-01-28 at 21:43 -0500, Jason Opperisano wrote:
> > On Fri, 2005-01-28 at 21:29, Mohammad Khan wrote:
> > > two rules in my INPUT chains are:
> > > -A INPUT -s 63.110.21.51 -m state --state NEW -j LOG --log-prefix "PLAYNC_NEW " --log-level debug
> > > -A INPUT -s 63.110.21.51 -m state --state NEW -j DROP
> > > 
> > > My router is keeping the following logs
> > > [snip udp logs]
> > > 
> > > What can I say about these packets?
> > judging from the destination UDP ports and the TTL--i would say that
> > they are traceroute packets.
> my log file is full of this shit.

So, why are you logging it?  It's just the normal white noise of
ordinary Internet traffic.  Nothing to care about.

> Are they doing traceroute all day long??

Maybe you should tell them to go away instead of remaining silent.
(Replace the -j DROP with a -j REJECT --reject-with
icmp-port-unreachable.)

HTH,
 regards, Frank.
-- 
,------------------------.------------------------.--------------------.
| Chemnitzer Linux-Tage  | "Linux loves desktops" ' team@linux-tage.de |
| March, 5th + 6th, 2005 |       http://chemnitzer.linux-tage.de/      |
'------------------------'---------------------------------------------'

