LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-23-2006, 06:12 PM   #1
minutes2memories
LQ Newbie
 
Registered: Feb 2006
Location: australia
Distribution: Fedora Core 6
Posts: 4

Rep: Reputation: 0
UDP: Short Packets: and UDP bad checksum: entries in dmesg


hi there,

have been closing down network access and fighting off DOS attacks. just did a dmesg and got many of these entries:

UDP: short packet: a.b.c.d:4660 3328/13 to e.f.g.h:53
(more lines of above) then
NET: 18 messages suppressed.
UDP: bad checksum. From a.b.c.d:17383 to e.f.g.h:33435 ulen 8
(lots of these)

we've had lots of dns-related unwanted dos traffic so nervous about the destination port of 53.

have searched and searched, and apart from possible problem with eth nic (?!) have found no answers. does anyone know where i should start looking or if these entries are something to be concerned about?

thanks, andrewg.
 
Old 02-23-2006, 07:46 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,990
Blog Entries: 54

Rep: Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743
UDP: short packet: a.b.c.d:4660 3328/13 to e.f.g.h:53
(more lines of above) then
NET: 18 messages suppressed.
UDP: bad checksum. From a.b.c.d:17383 to e.f.g.h:33435 ulen 8

Ithis is not some ancient kernel version and if all your traffic across all protocols show checksum errors I'd investigate hardware/network issues. UDP checksums are optional. At least for the bad checksum message this means the kernel already discarded the packet and is just notifying you afterwards.


we've had lots of dns-related unwanted dos traffic.
I'd vote for iptables limiting.
 
Old 02-26-2006, 07:28 PM   #3
minutes2memories
LQ Newbie
 
Registered: Feb 2006
Location: australia
Distribution: Fedora Core 6
Posts: 4

Original Poster
Rep: Reputation: 0
hi there,

thanks for the reply. yeah, new kernel would help and i'm getting to that. good to know there is no real issue with the short packet messages.

also have updated limit function in iptables. fwbuilder is a nice piece of software for building firewall tables btw.

thanks,
andrewg.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
udp packets m00t00 Programming 1 11-04-2004 09:20 PM
encapsulating TCP packets in UDP packets... yoshi95 Programming 3 06-03-2004 02:53 PM
How to receive UDP and ICMP packets, by one UDP socket(PMTUD) myself_rajat Linux - Networking 0 05-28-2004 05:43 AM
UDP packets going nowhere jylhar Programming 0 01-05-2004 05:46 AM
UDP: short packet markus1982 Linux - Security 4 08-12-2003 08:03 AM


All times are GMT -5. The time now is 12:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration