I'm getting a lot (one every few seconds) of packets destined for one of my machines hitting port 3717/udp. Does anyone have an idea what it is?

Dec 20 21:17:51 firewall kernel: ##0 INPUT: IN=eth0 OUT= MAC=00:05:5d:2b:c8:ea:00:c0:7b:a3:0e:22:08:00 SRC=81.56.150.220 DST=somehost LEN=47 TOS=0x00 PREC=0x00 TTL=99 ID=54039 PROTO=UDP SPT=11807 DPT=3717 LEN=27
Dec 20 21:18:28 firewall kernel: ##0 INPUT: IN=eth0 OUT= MAC=00:05:5d:2b:c8:ea:00:c0:7b:a3:0e:22:08:00 SRC=68.59.42.250 DST=somehost LEN=47 TOS=0x00 PREC=0x00 TTL=110 ID=4842 PROTO=UDP SPT=3243 DPT=3717 LEN=27
Dec 20 21:19:04 firewall kernel: ##0 INPUT: IN=eth0 OUT= MAC=00:05:5d:2b:c8:ea:00:c0:7b:a3:0e:22:08:00 SRC=80.35.35.28 DST=somehost LEN=47 TOS=0x00 PREC=0x00 TTL=106 ID=16010 PROTO=UDP SPT=9142 DPT=3717 LEN=27
Dec 20 21:19:40 firewall kernel: ##0 INPUT: IN=eth0 OUT= MAC=00:05:5d:2b:c8:ea:00:c0:7b:a3:0e:22:08:00 SRC=203.2.94.119 DST=somehost LEN=47 TOS=0x00 PREC=0x00 TTL=98 ID=42501 PROTO=UDP SPT=10044 DPT=3717 LEN=27
Dec 20 21:20:17 firewall kernel: ##0 INPUT: IN=eth0 OUT= MAC=00:05:5d:2b:c8:ea:00:c0:7b:a3:0e:22:08:00 SRC=172.176.124.18 DST=somehost LEN=47 TOS=0x00 PREC=0x00 TTL=113 ID=18305 PROTO=UDP SPT=8899 DPT=3717 LEN=27

sample packet:

21:04:11.001441 212.144.222.22.19673 > somehost.3717: [udp sum ok] udp 19 (ttl 105, id 46615, len 47)
0x0000   4500 002f b617 0000 6911 d507 d490 de16   E../....i.......
0x0010   xxxx xxxx 4cd9 0e85 001b xxxx e30e 049f   xxxxL.....xx....
0x0020   c1d4 8a27 8233 fa0c 9899 3da0 74e5 0c     ...'.3....=.t..

jacek

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 19:57:31 PST