i have this anti-spoof rule in iptables :
Code:
cat /root/bogon-bn-nonagg.txt |\
egrep -ve "(^127\.|^192\.168\.|^41\.|^73\.|^76\.|^89\.|^90\.|^121\.|^122\.|^123\.\
|^124\.|^125\.|^126\.|^189\.| ^190\.)"|while read s; do
/sbin/iptables -t nat -I PREROUTING -i eth0 -s $s -j DROP
/sbin/iptables -t nat -I PREROUTING -i eth0 -s $s -j ULOG --ulog-prefix 'BOGON_SPOOF:'
done
And i have found many of these logs:
Code:
Sep 2 13:15:07 argo BOGON_SPOOF: IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00 SRC=180.193.136.244 DST=192.168.0.2 LEN=519 TOS=00 PREC=0x00 TTL=54 ID=17219 PROTO=UDP SPT=31242 DPT=1026 LEN=499
As you see it's hitting port 1026 and they are all i say all hitting port 1026 what couuld it mean ?
Code:
cat /etc/services | grep 1026
doesn't give me anything should i be worried ?
Thanx!