Can anyone explain why I see hundreds of these, from different IP addresses (different SRC), and what does this mean? Is there any plague war? Or a loose virus?

Aug 12 23:42:24 Deneb kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=112.127.29.18 DST=203.77.234.102 LEN=32 TOS=0x00 PREC=0x00 TTL=112 ID=1531 PROTO=UDP SPT=3646 DPT=28800 LEN=12
Aug 12 23:42:24 Deneb kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=213.170.112.15 DST=203.77.234.102 LEN=32 TOS=0x00 PREC=0x00 TTL=107 ID=16427 PROTO=UDP SPT=28800 DPT=28800 LEN=12

On Monday 12 August 2002 18.49, Mojojojo wrote:
> Can anyone explain why I see hundreds of these, from different IP addresses (different SRC), and what does this mean?

As far as I can find from a web search, port 28800 is used by MSN Gaming Zone. I wouldn't be surprised if there was a vulnerability in it, and what you're seeing is some script kiddie's attempt to find targets. Your firewall is DROPping them though, so it's nothing to worry about.

regards
Anders

--
`When I use a word,' Humpty Dumpty said in rather a scornful tone, `it means just what I choose it to mean -- neither more nor less.'

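Added example, not part of the original thread: a short Python script that parses firewall lines in the format quoted in the first post and counts dropped packets and distinct source addresses per protocol and destination port, which shows whether the drops concentrate on a single port such as 28800. The function names are illustrative, and the sample input is the two log lines from the post.

```python
import re
from collections import defaultdict

# The two log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
Aug 12 23:42:24 Deneb kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=112.127.29.18 DST=203.77.234.102 LEN=32 TOS=0x00 PREC=0x00 TTL=112 ID=1531 PROTO=UDP SPT=3646 DPT=28800 LEN=12
Aug 12 23:42:24 Deneb kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=213.170.112.15 DST=203.77.234.102 LEN=32 TOS=0x00 PREC=0x00 TTL=107 ID=16427 PROTO=UDP SPT=28800 DPT=28800 LEN=12
"""

# "kernel: <log prefix> IN=..." followed by KEY=VALUE fields.
LINE_RE = re.compile(r"kernel: (?P<prefix>\S+) (?P<fields>IN=.*)$")

def parse_line(line):
    """Return a dict of the KEY=VALUE fields, or None for non-firewall lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix")}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        # LEN appears twice (IP length, then UDP length); keep the first.
        if sep and key not in rec:
            rec[key] = value
    return rec

def summarize(log_text):
    """Group dropped packets by (protocol, destination port)."""
    groups = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "DPT" not in rec:
            continue  # unrelated line, or a protocol without ports (e.g. ICMP)
        key = (rec.get("PROTO", "?"), int(rec["DPT"]))
        groups[key]["packets"] += 1
        groups[key]["sources"].add(rec["SRC"])
    return dict(groups)

def report(log_text):
    """Rows of (proto, dport, packets, distinct sources), busiest port first."""
    items = sorted(summarize(log_text).items(), key=lambda kv: -kv[1]["packets"])
    return [(p, d, g["packets"], len(g["sources"])) for (p, d), g in items]

if __name__ == "__main__":
    for proto, dpt, packets, sources in report(SAMPLE_LOG):
        print(f"{proto}/{dpt}: {packets} dropped packets from {sources} distinct sources")
```

Many distinct sources hitting one destination port, as in the post, is the pattern to look for in the output when run against the full log.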
participants (2)
- Anders Johansson
- Mojojojo