LinuxQuestions.org
Old 08-12-2003, 05:10 AM   #1
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
UDP: short packet


Has anybody received such a message (generated by netfilter):

UDP: short packet: XXX.XXX.XXX.XXX:53 36982/118 to XXX.XXX.XXX.XXX:53


From the source/destination port you can see it's coming from a DNS server and travelling along to a DNS server at my box ... just wondering what produces such a weird packet ... dport 53 udp is permitted ...
 
Old 08-12-2003, 06:19 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,140
Blog Entries: 54

Rep: Reputation: 2791
Interval? Once, daily, per?
IP addr distribution? Multiple remote addr? Local? Only DNS?
Tcpdump/Netfilter log target tcpdumped? Packet checksum?
 
Old 08-12-2003, 06:23 AM   #3
markus1982
I received that notice just once. It has been logged by the kernel ... it had just one destination address.
 
Old 08-12-2003, 06:34 AM   #4
unSpawn
I don't know what generated it, I only know - from reading the kernel source for udp.c - that it'll be logged, and then discarded from the buffer, so it should not be considered a hazard. If this somehow continues and you manage to tcpdump it, then I'll be interested.
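
Added example, not part of the thread and not the kernel's own code: a C version of the length check that leads to this kind of message, assuming the two numbers in the log line (36982/118) are the UDP header's length field and the number of bytes actually received. The function and enum names are hypothetical, and the sample packet is constructed to match the logged values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8

enum udp_verdict { UDP_OK, UDP_TRUNCATED_HEADER, UDP_SHORT_PACKET };

/* Read a 16-bit big-endian (network order) field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * seg/len: UDP header plus payload as handed up by the IP layer.
 * On UDP_OK, *payload_len is the payload size after trimming any bytes
 * beyond what the header's length field claims (e.g. link-layer padding).
 */
enum udp_verdict udp_check_len(const uint8_t *seg, size_t len, size_t *payload_len)
{
    if (len < UDP_HDR_LEN)
        return UDP_TRUNCATED_HEADER;     /* not enough bytes to read the header */
    uint16_t ulen = be16(seg + 4);       /* length field covers header + payload */
    if (ulen > len || ulen < UDP_HDR_LEN)
        return UDP_SHORT_PACKET;         /* claims more than arrived, or less than a header */
    *payload_len = (size_t)ulen - UDP_HDR_LEN;
    return UDP_OK;
}

int main(void)
{
    /* Constructed sample: 118 bytes received, ports 53 -> 53,
     * length field 36982 (0x9076); 118 is 0x0076. Addresses omitted. */
    uint8_t seg[118] = { 0x00, 0x35, 0x00, 0x35, 0x90, 0x76, 0x00, 0x00 };
    size_t plen = 0;

    if (udp_check_len(seg, sizeof seg, &plen) == UDP_SHORT_PACKET)
        printf("short packet: :%u %u/%zu to :%u\n",
               (unsigned)be16(seg), (unsigned)be16(seg + 4),
               sizeof seg, (unsigned)be16(seg + 2));
    return 0;
}
```

A datagram rejected this way is dropped before any payload parsing, which matches the "logged, and then discarded" behaviour described in the post above.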
 
Old 08-12-2003, 08:03 AM   #5
markus1982
Well, I'll see what I can do. It's the only time I saw such a message anyways :-)
 
  


All times are GMT -5.