Fwd: Re: Denied Packets?
Chris Ampenberger
christian-ETYuwdzrPJK4mfPA/iJWtA at public.gmane.org
Fri Aug 27 09:15:37 EDT 2010
On 08/27/2010 12:47 AM, Tom Metro wrote:
> Chris Ampenberger wrote:
> =20
>> Denied 514 packets on interface eth0
>> From 24.126.108.211 - 3 packets to udp(15974)=20
>> From 71.10.172.122 - 3 packets to udp(15974)=20
>> From 72.18.205.156 - 1 packet to udp(38229)=20
>> From 149.20.54.20 - 1 packet to udp(35103)=20
>> From 169.229.70.201 - 1 packet to udp(36554)=20
>>
>> I noticed the following denied packet messages in logwatch today. All =
of
>> these are outside my home network and I wonder how they even got throu=
gh
>> the Linksys WRT654G router.=20
>> =20
> UDP is stateless, so if a machine on your LAN sends out a UDP packet on=
> port 15974, most NAT routers will pass through any reply directed at
> that port. (Some NAT traversal technologies take advantage of this by
> having both ends - each behind a NAT router - fire packets at each othe=
r.)
>
>
> =20
>> The IP addresses are from all over the place - comcast, freeip, charte=
r,
>> Germany, Denmark,=20
>> =20
> Not unexpected if your UDP application was something like a BitTorrent
> client.
>
> -Tom
>
> =20
Hmm. Thanks for the explanation. I'm still a bit puzzled, because there
shouldn't be anything UDP except samba and ntp, certainly not a
BitTorrent client. I guess I have to do some more digging.
More information about the Discuss
mailing list