Is this normal?

aatish910 Member
edited August 2012 in Help

I use Logwatch to get a daily log summary via email. Within a few days, I have been noticing these:

Logged 4141 packets on interface eth0 
From 0.0.0.0 - 287 packets to udp(67) 
From xx.xx.xx.xx - 646 packets to udp(17500)
From xx.xx.xx.xx  - 842 packets to udp(17500)
From xx.xx.xx.xx  - 506 packets to udp(67,17500)
From xx.xx.xx.xx  - 1 packet to udp(67)
From xx.xx.xx.xx  - 413 packets to udp(17500)
From xx.xx.xx.xx  - 1 packet to udp(67)
From xx.xx.xx.xx  - 727 packets to udp(67,17500) 
-----Similar Lines but on different ports and only one packet per IP -----

Other lines are just for 1 packet to different ports. Seems like there is a massive number of packets to ports 17500 and 67.
Is this normal? And, why was there a packet from 0.0.0.0?

Comments

  • ServerSharp Member, Host Rep
    edited August 2012

    Tip, use the pre tags :)

    Thanked by 1aatish910
  • No, it is not normal to log all UDP packets :) You are killing your server with all this logging.
    Port 67 is normal - it is DHCP. When you are in a shared segment and there are machines set up to get their IPs via DHCP - you will see a lot of these.

  • What about Port 17500?

  • According to Google it is some sort of Dropbox LAN client sync. Perhaps you are on a LAN with Windows boxes.

  • On a KVM VPS?

  • Yes, probably.

  • aatish910 Member
    edited August 2012

    IPs aren't from the same subnet but are from the same DC.

  • So they are running one big flat LAN. Asking for trouble.

    Thanked by 1klikli
  • Shouldn't Dropbox LAN sync be broadcasting only on a subnet on which it belongs?

    Thanked by 1klikli
  • Dude, one gets 1000s of portscans every day. Just disable the annoying Logwatch email and you'll be fine.

  • Do port scanners generate that many packets to a single port just to check whether it is open or not?
    I am disabling the whole iptables logging thing.

  • @rds100 said: So they are running one big flat LAN. Asking for trouble.

    Or small subnets are routed to the node every time more IPs are needed ;)

  • @prometeus said: Or small subnets are routed to the node every time more IPs are needed ;)

    Yeah, that would be the far better approach :)

  • @aatish910 said: Do port scanners generate that many packets to a single port just to check whether it is open or not?

    Sure, if you get portscanned 700 times a day and each portscanner tries the port one time.

  • It's getting 700 packets from 1 IP.

  • AlexBarakov Patron Provider, Veteran

    Now imagine your server gets targeted by a UDP flood for a couple of hours. The log will be nicely filled.

    Thanked by 1klikli
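
An added example, not part of the thread: a small parser for the Logwatch iptables summary lines quoted in the first post, which totals packets by likely cause so the share of segment broadcast chatter (ports 67 and 17500) is visible next to one-off probes. The labels, the classification heuristic and the sample source addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# UDP ports named in the thread: 67 is the DHCP server port, 17500 is
# Dropbox LAN sync discovery. Both are broadcast on the local segment.
BROADCAST_UDP = {67: "DHCP", 17500: "Dropbox LAN sync"}

LINE_RE = re.compile(
    r"From\s+(?P<src>\S+)\s+-\s+(?P<n>\d+)\s+packets?\s+to\s+"
    r"(?P<proto>\w+)\((?P<ports>\d+(?:,\d+)*)\)"
)

def parse_summary(text):
    """Return (src, packets, proto, ports) for each Logwatch 'From ...' line."""
    return [
        (m["src"], int(m["n"]), m["proto"], frozenset(map(int, m["ports"].split(","))))
        for m in LINE_RE.finditer(text)
    ]

def classify(src, packets, proto, ports):
    """Heuristic label for one row (an assumption, not a Logwatch feature)."""
    if proto == "udp" and ports.issubset(BROADCAST_UDP):
        # A DHCP client that has no lease yet sends from 0.0.0.0 to port 67.
        if src == "0.0.0.0" and ports == {67}:
            return "dhcp-client-without-lease"
        return "lan-broadcast-chatter"
    return "single-probe" if packets == 1 else "review"

def report(text):
    """Total packets per label."""
    totals = defaultdict(int)
    for src, packets, proto, ports in parse_summary(text):
        totals[classify(src, packets, proto, ports)] += packets
    return dict(totals)

# Constructed sample: some counts taken from the post, sources replaced with
# documentation addresses, plus two constructed TCP rows for contrast.
SAMPLE = """\
From 0.0.0.0 - 287 packets to udp(67)
From 192.0.2.10 - 646 packets to udp(17500)
From 192.0.2.11 - 506 packets to udp(67,17500)
From 192.0.2.12 - 1 packet to udp(67)
From 198.51.100.7 - 1 packet to tcp(23)
From 198.51.100.8 - 12 packets to tcp(22)
"""

if __name__ == "__main__":
    for label, count in sorted(report(SAMPLE).items()):
        print(f"{label:28} {count}")
```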