UDP: short packet

markus1982 · 08-12-2003, 05:10 AM

Anybody received such a message (generated by netfilter):

UDP: short packet: XXX.XXX.XXX.XXX:53 36982/118 to XXX.XXX.XXX.XXX:53

From the source/destination port you can see it's coming from a DNS server and travelling along to a DNS server at my box ... just wondering what produces such a weird package ... dport 53 udp is permitted ...

unSpawn · 08-12-2003, 06:19 AM

Interval? Once, daily, per?
IP addr distribution? Multiple remote addr? Local? Only DNS?
Tcpdump/Netfilter log target tcpdumped? Packet checksum?

markus1982 · 08-12-2003, 06:23 AM

I received that notice just one. It has been logged by the kernel ... it had just once destination address.

unSpawn · 08-12-2003, 06:34 AM

I don't know what generated it, I only know - from reading the kernel source for udp.c - that it'll be logged, and then discarded from the buffer, so it should not be considered a hazard. If this somehow continues and you manage to tcpdump it, then I'll be interested.

markus1982 · 08-12-2003, 08:03 AM

Well i'll see what i can do. it's the only time I saw such a message anyways :-)