Don't know if you ever figured this out. The only place I've ever seen port 8 used is a Telocity DSL modem in a friend's office. The modem queries port 8 on the client system (i.e. the system it is connecting to the Internet) at regular intervals. It also updates DHCP info at regular intervals. I don't know what the modem is looking for, but it seems to work fine if doesn't find anything. In his case the modem has a public IP number, so the probe packets come from that address. - Bob Mikael Fors wrote: > > Last 24 hours I've been receiving a lot of strange packets on my public interface. Log has been sanitized. > > May 9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29112 F=0x0000 T=126 (#24) > May 9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29113 F=0x0000 T=127 (#24) > May 9 10:03:39 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29117 F=0x0000 T=127 (#24) > May 9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29177 F=0x0000 T=126 (#24) > May 9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29178 F=0x0000 T=127 (#24) > May 9 10:04:09 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29185 F=0x0000 T=127 (#24) > May 9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29235 F=0x0000 T=126 (#24) > May 9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29236 F=0x0000 T=127 (#24) > May 9 10:04:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29243 F=0x0000 T=127 (#24) > > These packets started trickling here about 48 hours ago, and I have no clue what it can be. What resides on port 8 and why ICMP??? All of these packets arrive on the public interface, and contains private networks, mostly 192.168.x.x networks, but also 172.x.x.x networks show up. > > Mikael Fors > Mora Datorer AB -- ********************************************************* Bob Johnson Senior Systems Programmer bobat_private College of Engineering 523 Weil Hall 352-392-9217 Office University of Florida 352-392-7063 Fax Gainesville, FL 32611 ********************************************************* "Security is not a product, it's a mentality." . .
This archive was generated by hypermail 2b30 : Mon May 14 2001 - 10:51:29 PDT