LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   UDP: Short Packets: and UDP bad checksum: entries in dmesg (https://www.linuxquestions.org/questions/linux-networking-3/udp-short-packets-and-udp-bad-checksum-entries-in-dmesg-418886/)

minutes2memories 02-23-2006 06:12 PM

UDP: Short Packets: and UDP bad checksum: entries in dmesg
 
hi there,

have been closing down network access and fighting off DOS attacks. just did a dmesg and got many of these entries:

UDP: short packet: a.b.c.d:4660 3328/13 to e.f.g.h:53
(more lines of above) then
NET: 18 messages suppressed.
UDP: bad checksum. From a.b.c.d:17383 to e.f.g.h:33435 ulen 8
(lots of these)

we've had lots of dns-related unwanted dos traffic so nervous about the destination port of 53.

have searched and searched, and apart from possible problem with eth nic (?!) have found no answers. does anyone know where i should start looking or if these entries are something to be concerned about?

thanks, andrewg.

unSpawn 02-23-2006 07:46 PM

UDP: short packet: a.b.c.d:4660 3328/13 to e.f.g.h:53
(more lines of above) then
NET: 18 messages suppressed.
UDP: bad checksum. From a.b.c.d:17383 to e.f.g.h:33435 ulen 8

Ithis is not some ancient kernel version and if all your traffic across all protocols show checksum errors I'd investigate hardware/network issues. UDP checksums are optional. At least for the bad checksum message this means the kernel already discarded the packet and is just notifying you afterwards.


we've had lots of dns-related unwanted dos traffic.
I'd vote for iptables limiting.

minutes2memories 02-26-2006 07:28 PM

hi there,

thanks for the reply. yeah, new kernel would help and i'm getting to that. good to know there is no real issue with the short packet messages.

also have updated limit function in iptables. fwbuilder is a nice piece of software for building firewall tables btw.

thanks,
andrewg.


All times are GMT -5. The time now is 10:33 AM.