Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I keep getting a lot of these and I've noticed it take a few boxes off the net and I'm not sure why...
I've found no viruses of any kind on the systems.
Code:
Security log:
Tue Aug 17 17:21:51 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:21:51 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:22:21 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:22:51 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:23:21 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:23:51 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:35:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:35:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:35:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:36:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:36:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:36:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:37:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:37:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:37:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:38:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:38:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:38:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:39:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:39:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:39:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:40:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:40:12 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:40:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:40:42 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:40:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:41:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:41:12 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:41:42 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:41:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:41:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:42:12 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:42:12 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:42:42 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:42:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:42:42 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:43:12 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:43:42 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:43:42 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:44:43 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:44:43 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:44:43 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:45:13 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:45:13 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:45:44 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:45:44 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:45:44 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:46:14 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:46:14 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:46:44 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:46:44 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:46:44 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:47:14 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:47:14 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:47:14 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:47:44 2010
=>Found attack from 192.168.2.7.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:47:44 2010
=>Found attack from 192.168.2.4.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:47:44 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
Tue Aug 17 17:48:14 2010
=>Found attack from 192.168.2.8.
Source port is 137 and destination port is 137 which use the UDP protocol.
...
...
...
the entire 192.168.2.x range is on the router. no dedicated hardware firewall.
OS are Windows Vista and 7. However, i've randomly noticed some systems not being able to access websites or the internet at random times and i can only assume that the udp alerts are causing this.
If this is a small office network without a Microsoft Windows Server, you may be faced with a license issue that can cause this error. Standard Windows Home Edition or Pro Edition that are not Server Edition have a licensed consecutive connection limit of 5 connections. So for example if you have a printer shared on the network, or a network shard that is a workstation and more that 5 other computers connect to it concurrently, it will show up as a UDP flood as it was not designed to allow for that many connections.
Another common error is that you have a set of printer shares in a loop on the network. All printer shares are supposed to be setup hierarchically, where as most people do not follow this rule and have network glitches. So for example if you have 3 computers each with a printer, you are not supposed to network all the printers to all the computers. The first computer can share the printer to computers two and three. Computer two can shard the printer to computer 3. But computer 3 should not share the printer. All share connections flow in one direction and never in a loop.
These issues aside, scan for any memory resident viruses, but otherwise the flood can be ignored. As soon as you try to tell most office managers the two above mentioned rules, they do not want to hear the truth, they just want everything networked together. As such that is why we have jobs, things will always break.
So because I have around 8 Windows computers on the network, I'm facing this issue? We recently setup a new wireless printer to replace the printer that was connected to a Windows Vista machine that all the systems used. I'm not sure if that might be part of the cause or not I never knew about this lic issue.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.