LinuxQuestions.org
Old 07-29-2015, 01:44 AM   #1
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 349

Rep: Reputation: Disabled
packet trace question


I have an Arch Linux mail server that is directly connected to the internet, and firewalled appropriately with iptables (default DROP on the single ethernet interface, allow only necessary ports). From time to time in a packet trace on the internet interface, I see the following:

Code:
01:36:58.763123 IP 91.215.232.75 > 50.252.x.x: ICMP 91.215.232.75 udp port 53 unreachable, length 67
Where 50.252.x.x is my mail server. The source is always a random IP address, and is usually an ICMP "port 53 unreachable" message.

I always figured that this is an attempt by someone to try and somehow redirect my system to use their DNS server (because of the port 53 reference), or at least to get my system to respond to it in some way. Is this likely to be what is happening? Are there systems out there that will respond to this kind of spoof technique?
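A way to turn this question into a repeatable check, as an added example that is not part of the original post: the ICMP message quotes a datagram that claims to come from the mail server and go to the reporting host's UDP port 53. Whether that is anything to worry about depends on whether the server actually talks DNS to that host. The script below parses tcpdump lines of the shape shown above (the regular expression is an assumption based on that one line; tcpdump's wording varies with version and verbosity), compares the quoted destination against the resolvers the server is configured to use, and counts how often each source reports an "unsolicited" error. The addresses 203.0.113.10 (the mail server) and 198.51.100.53 (its resolver) and the sample trace lines are constructed for the example.

```python
import re
from collections import Counter

# Regular expression for tcpdump's "ICMP <host> udp port <n> unreachable" line
# shape as seen in the thread (assumed pattern; verify against your tcpdump).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP (?P<inner_dst>[\d.]+) (?P<proto>udp|tcp) port (?P<port>\d+) unreachable"
)

# Constructed values: the server's own address and the peers it legitimately
# sends to on each port (here: one configured DNS resolver on udp/53).
MY_IP = "203.0.113.10"
EXPECTED_PEERS = {("198.51.100.53", "udp", 53)}

# Constructed sample trace. Line 1 and 3 mirror the thread's observation,
# line 2 is a real resolver replying with an error, line 4 is unrelated SMTP
# traffic, line 5 is an ICMP error addressed to some other host.
SAMPLE_TRACE = [
    "01:36:58.763123 IP 91.215.232.75 > 203.0.113.10: ICMP 91.215.232.75 udp port 53 unreachable, length 67",
    "01:37:02.100000 IP 198.51.100.53 > 203.0.113.10: ICMP 198.51.100.53 udp port 53 unreachable, length 67",
    "01:37:05.000000 IP 91.215.232.75 > 203.0.113.10: ICMP 91.215.232.75 udp port 53 unreachable, length 67",
    "01:37:09.000000 IP 203.0.113.10.25 > 198.51.100.7.40412: Flags [S.], seq 1, ack 1, length 0",
    "01:37:11.000000 IP 91.215.232.75 > 203.0.113.99: ICMP 91.215.232.75 udp port 53 unreachable, length 67",
]


def parse_unreachable(line):
    """Return a dict for a port-unreachable line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def classify(rec, my_ip, expected_peers):
    """
    'expected'   : the error comes from a host we really send to on that port
                   (a resolver that is down or not listening).
    'unsolicited': the quoted datagram claims we sent to a host we never talk
                   to. Either our address was forged as the source by a third
                   party (backscatter) or a stray process is sending; both
                   are worth a look, neither needs a reply from us.
    'not-for-us' : the ICMP error was not addressed to this server.
    """
    if rec["dst"] != my_ip:
        return "not-for-us"
    key = (rec["inner_dst"], rec["proto"], rec["port"])
    return "expected" if key in expected_peers else "unsolicited"


def summarize(lines, my_ip, expected_peers):
    """Count verdicts over a trace and tally sources of unsolicited errors."""
    counts = Counter()
    sources = Counter()
    for line in lines:
        rec = parse_unreachable(line)
        if rec is None:
            continue  # not an ICMP port-unreachable line
        verdict = classify(rec, my_ip, expected_peers)
        counts[verdict] += 1
        if verdict == "unsolicited":
            sources[rec["src"]] += 1
    return counts, sources


if __name__ == "__main__":
    counts, sources = summarize(SAMPLE_TRACE, MY_IP, EXPECTED_PEERS)
    print(dict(counts))
    for src, n in sources.most_common():
        print(f"{src}: {n} unsolicited port-unreachable reports")
```

On a live box you would feed it `tcpdump -n -l -i eth0 icmp` output instead of the constructed list. A steady trickle of "unsolicited" reports from ever-changing sources, with nothing in the server's own connection state that matches, is the pattern to expect when your address is being forged elsewhere; a burst of "expected" reports points at a resolver problem on your side.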
 
Old 07-31-2015, 05:50 AM   #2
mralk3
Slackware Contributor
 
Registered: May 2015
Distribution: Slackware
Posts: 1,900

Rep: Reputation: 1050
Your best bet is to make sure your server kernel will never be able to respond to such requests. Enabling some basic TCP/IP Stack hardening using a sysctl config will prevent your system from responding. Configure and forget.

Here is some Arch documentation:

https://wiki.archlinux.org/index.php...tack_hardening

You will receive all sorts of malformed packets and requests on a server such as yours. The best thing you can do is minimize the possibility that your server will respond to such requests.

Additionally, if you set up your firewall to ignore certain packet types, you will have fewer problems too. Here is an IPTables script that I use as a starting point on fresh installations of Slackware servers.

https://github.com/BrentonEarl/Iptab...er/rc.firewall
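The "configure and forget" advice is easier to trust if you can re-check it later. The following is an added example, not code from the thread or from the linked Arch wiki page or firewall script: it holds a baseline of IPv4 stack sysctls commonly used for this kind of hardening (the particular list is an assumption, not copied from that page), reads the live values from /proc/sys the way sysctl(8) does, and reports every key that does not match. A reader function can be injected so the audit can run against a saved snapshot instead of the live kernel.

```python
import os

# Assumed hardening baseline for an internet-facing host: ignore broadcast
# pings and bogus ICMP errors, refuse ICMP redirects and source routing,
# enable reverse-path filtering, log martian packets, use SYN cookies.
HARDENING_BASELINE = {
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "net.ipv4.icmp_ignore_bogus_error_responses": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.default.accept_redirects": "0",
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.all.log_martians": "1",
    "net.ipv4.tcp_syncookies": "1",
}


def read_live_sysctl(key, root="/proc/sys"):
    """Read a sysctl value from /proc/sys, e.g. net.ipv4.tcp_syncookies
    becomes /proc/sys/net/ipv4/tcp_syncookies."""
    path = os.path.join(root, *key.split("."))
    with open(path) as f:
        return f.read().strip()


def audit_sysctl(baseline, reader=read_live_sysctl):
    """Compare every baseline key with the value 'reader' returns.
    Returns a list of (key, expected, actual); actual is None when the key
    cannot be read (kernel without that knob, or no permission)."""
    findings = []
    for key, expected in baseline.items():
        try:
            actual = reader(key)
        except (OSError, KeyError):
            actual = None
        if actual != expected:
            findings.append((key, expected, actual))
    return findings


def render_sysctl_conf(baseline):
    """Emit the baseline as sysctl.d(5)-style 'key = value' lines, ready to
    drop into /etc/sysctl.d/ on Arch or Slackware."""
    return "".join(f"{k} = {v}\n" for k, v in sorted(baseline.items()))


if __name__ == "__main__":
    findings = audit_sysctl(HARDENING_BASELINE)
    if not findings:
        print("all baseline sysctls match")
    for key, expected, actual in findings:
        print(f"{key}: expected {expected}, got {actual}")
```

One caveat on scope: none of these knobs is what stops the kernel from answering the ICMP errors seen in the trace. Linux only acts on a port-unreachable message when it matches a socket that sent the quoted datagram; an error that matches nothing is discarded without a response, and a default-DROP input chain that only accepts ESTABLISHED/RELATED traffic discards it even earlier. The sysctls above cut down the other ways an unsolicited packet can make the host do something on an attacker's behalf (redirects, source routing, broadcast echo), which is the point of the advice.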