dmesg Invalid packet / INPUT packet died flood
Instead of the normal dmesg output I get this:
Code:
0.136.149 LEN=131 TOS=0x00 PREC=0x20 TTL=111 ID=1852 PROTO=UDP SPT=54242 DPT=33614 LEN=111
Also, I have an 'rc.firewall' script generated by Alien Bob's EFG up and running.
Thanks beforehand for suggestions and theories, etc. :) |
DPT=33614
That's the clue... what app have you got with that port open? Given the diverse source IPs, it looks like a p2p app shut down, but peers still trying to connect.
tobyl |
Looks normal to me - you'll find a rule somewhere in your firewall script that logs dropped packets and prefixes them with "INPUT packet died:"
|
In rc.firewall there is:
Quote:
I guess if it's normal, then it's fine. Thanks for the responses. |
Well it is a bit curious.
You were flooded with packets directed at one port from a lot of different sources. So why do lots of people try to connect via UDP to a particular host? The two obvious ones that strike me are p2p and online gaming. Had you been doing something of this sort, and then closed the application, I think you would see this behaviour. Once you closed that app, the port would not show up in socklist. Since you only scanned 1697 ports with nmap, you would not have seen port 33614 even if it were open. The other possibility that occurs to me is that if you got a dynamically allocated IP address shortly after a previous user had released it, you may have been getting hits (probably legit) that were intended for the previous user.
Hope I didn't bore you :-)
tobyl |
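An added example, not part of any post in this thread: a short Python triage script for the pattern described above, grouping the firewall's "INPUT packet died:" log lines by protocol and destination port and counting distinct source addresses. The sample lines, the `_T` template and the `min_sources` threshold are constructed assumptions; in practice the lines would come from dmesg.

```python
import re
from collections import defaultdict

PREFIX = "INPUT packet died:"   # log prefix quoted in the thread
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_log_line(line):
    """Return the key=value fields of one netfilter LOG line, or None."""
    if PREFIX not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split(PREFIX, 1)[1]):
        # LEN occurs twice for UDP (IP length, then UDP length): keep the first.
        fields.setdefault(key, value)
    return fields

def summarize(lines):
    """Group dropped packets by (PROTO, DPT): packet count and distinct sources."""
    stats = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in lines:
        f = parse_log_line(line)
        if not f or "DPT" not in f:   # e.g. ICMP carries no ports
            continue
        entry = stats[(f.get("PROTO", "?"), int(f["DPT"]))]
        entry["packets"] += 1
        entry["sources"].add(f.get("SRC", "?"))
    return dict(stats)

def many_sources_one_port(stats, min_sources=3):
    """Ports hit by at least min_sources distinct addresses, busiest first."""
    hits = [(k, len(v["sources"])) for k, v in stats.items()
            if len(v["sources"]) >= min_sources]
    return sorted(hits, key=lambda h: -h[1])

# Constructed sample lines (documentation address ranges), not from the thread.
_T = ("INPUT packet died: IN=eth0 OUT= MAC= SRC={} DST=192.0.2.10 LEN=131 "
      "TOS=0x00 PREC=0x20 TTL=111 ID=1852 PROTO={} {}")
SAMPLE = [
    _T.format("198.51.100.7", "UDP", "SPT=54242 DPT=33614 LEN=111"),
    _T.format("198.51.100.8", "UDP", "SPT=6881 DPT=33614 LEN=111"),
    _T.format("198.51.100.7", "UDP", "SPT=54242 DPT=33614 LEN=111"),
    _T.format("203.0.113.5", "UDP", "SPT=40112 DPT=33614 LEN=111"),
    _T.format("203.0.113.9", "TCP", "SPT=40000 DPT=22 WINDOW=1024 SYN"),
    _T.format("203.0.113.9", "ICMP", "TYPE=8 CODE=0"),
    "eth0: link up",
]

if __name__ == "__main__":
    for (proto, port), n in many_sources_one_port(summarize(SAMPLE)):
        print(f"{proto}/{port}: {n} distinct sources")
```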
No, it's not boring, it's interesting. I was most puzzled about why it's only 100 lines long, the entire output is usually much longer, but then I bet it only keeps a certain number of bytes available for output with the dmesg command at any one time.
I guess it was nothing. I panic sometimes for no good reason. Mostly when I can't understand something. |