LinuxQuestions.org
Old 03-24-2010, 08:05 PM   #1
L1nuxn00b703
Member
 
Registered: Sep 2009
Posts: 113

Rep: Reputation: 15
Strange logs in my iptables....


Hi all,
I have iptables set up and logged and I'm getting these strange logs from IP 169.254.1 and from source port 21302. Can anyone explain where this is coming from?? Thanks.


Code:
Mar 24 19:36:08 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35257 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:18 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35258 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:29 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35259 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:39 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35260 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:49 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35261 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:59 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35262 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:37:09 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35263 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:37:19 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35264 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:37:29 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35265 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:37:39 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35266 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:37:49 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35267 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:37:59 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35268 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:38:09 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35269 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:38:19 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35270 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
 
Old 03-24-2010, 08:31 PM   #2
troop
Member
 
Registered: Feb 2010
Distribution: gentoo, arch, fedora, freebsd
Posts: 379

Rep: Reputation: 96
Address block 169.254.0.0/16 is used when a host cannot obtain an IP address from a DHCP server or other internal configuration methods. The 21302 is trying to get to local address 255.255.255.255.
Such network logs are nothing extraordinary for local networks.

Last edited by troop; 03-24-2010 at 08:34 PM.
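
An added example, not part of either post: a small triage script that parses iptables LOG lines like the ones above, tags link-local sources and broadcast destinations, and groups hits by source MAC to show the interval between packets. The names `parse`, `classify` and `summarize`, the default year, and the last sample line are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# First three lines are from the post; the last (192.0.2.x) is constructed for contrast.
SAMPLE = """\
Mar 24 19:36:08 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35257 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:18 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35258 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:29 tku kernel: [DROPPED] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:a2:57:d3:3c:08:00 SRC=169.254.1.194 DST=255.255.255.255 LEN=1473 TOS=0x00 PREC=0x00 TTL=64 ID=35259 PROTO=UDP SPT=21302 DPT=21302 LEN=1453
Mar 24 19:36:30 tku kernel: [DROPPED] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP SPT=40000 DPT=22
"""

KV = re.compile(r"(\w+)=(\S*)")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 autoconfiguration range

def parse(line, year=2010):
    """Return (timestamp, fields) for one iptables LOG line; syslog stamps carry no year."""
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)  # first LEN is the IP length, second the UDP length
    mac = fields.get("MAC", "").split(":")
    # The MAC= field is destination MAC, then source MAC, then the 2-byte EtherType.
    fields["dst_mac"], fields["src_mac"] = ":".join(mac[:6]), ":".join(mac[6:12])
    return ts, fields

def classify(fields):
    """Tag the properties that mark ordinary local-segment broadcast chatter."""
    tags = []
    if ipaddress.ip_address(fields["SRC"]) in LINK_LOCAL:
        tags.append("src-link-local")
    if fields["DST"] == "255.255.255.255":
        tags.append("dst-limited-broadcast")
    if fields["dst_mac"] == "ff:ff:ff:ff:ff:ff":
        tags.append("l2-broadcast")
    return tags

def summarize(text):
    """Group hits by (source MAC, source IP, protocol, destination port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if "SRC=" in line:
            ts, f = parse(line)
            flows[(f["src_mac"], f["SRC"], f["PROTO"], f.get("DPT"))].append((ts, classify(f)))
    return {k: {"count": len(h), "tags": h[0][1],
                "gaps": [(b[0] - a[0]).total_seconds() for a, b in zip(h, h[1:])]}
            for k, h in flows.items()}

if __name__ == "__main__":
    for flow, info in summarize(SAMPLE).items():
        print(flow, info)
```

The source MAC in each group is the value to match against the devices on the segment when tracking down the sender.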
All times are GMT -5.