hi there,

have been closing down network access and fighting off DOS attacks. just did a dmesg and got many of these entries:

UDP: short packet: a.b.c.d:4660 3328/13 to e.f.g.h:53
(more lines of above) then
NET: 18 messages suppressed.
UDP: bad checksum. From a.b.c.d:17383 to e.f.g.h:33435 ulen 8
(lots of these)

we've had lots of dns-related unwanted dos traffic so nervous about the destination port of 53.

have searched and searched, and apart from possible problem with eth nic (?!) have found no answers. does anyone know where i should start looking or if these entries are something to be concerned about?

thanks, andrewg.

UDP: short packet: a.b.c.d:4660 3328/13 to e.f.g.h:53
(more lines of above) then
NET: 18 messages suppressed.
UDP: bad checksum. From a.b.c.d:17383 to e.f.g.h:33435 ulen 8
Ithis is not some ancient kernel version and if all your traffic across all protocols show checksum errors I'd investigate hardware/network issues. UDP checksums are optional. At least for the bad checksum message this means the kernel already discarded the packet and is just notifying you afterwards.


we've had lots of dns-related unwanted dos traffic.
I'd vote for iptables limiting.

hi there,

thanks for the reply. yeah, new kernel would help and i'm getting to that. good to know there is no real issue with the short packet messages.

also have updated limit function in iptables. fwbuilder is a nice piece of software for building firewall tables btw.

thanks,
andrewg.