Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 804 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traffic In Packet Filter Log

enodev
Now that I cleaned up my filter log by dropping broadcast traffic, I found that people must think I'm file sharing...  eth2 is connected to my cable modem.   I think port 6348 is used by file sharing programs.  Any one else see this?  I may have to drop packets on this port.

2004-Apr 13 16:35:25 (none) kernel: UDP Drop: IN=eth2 OUT= SRC=210.8.26.73 DST= LEN=51 TOS=0x00 PREC=0x00 TTL=107 ID=521 PROTO=UDP SPT=6346 DPT=6348 LEN=31 
2004-Apr 13 16:45:40 (none) kernel: TCP Drop: IN=eth2 OUT= SRC=4.226.246.243 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=34675 DF PROTO=TCP SPT=4398 DPT=6348 WINDOW=8160 RES=0x00 SYN URGP=0 
2004-Apr 13 16:45:42 (none) kernel: TCP Drop: IN=eth2 OUT= SRC=4.226.246.243 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=34741 DF PROTO=TCP SPT=4398 DPT=6348 WINDOW=8160 RES=0x00 SYN URGP=0 
2004-Apr 13 16:45:49 (none) kernel: TCP Drop: IN=eth2 OUT= SRC=4.226.246.243 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=34886 DF PROTO=TCP SPT=4398 DPT=6348 WINDOW=8160 RES=0x00 SYN URGP=0


This thread was automatically locked due to age.
  • 0
    That's Gnutella-based clients; Dunno why they're hitting you (maybe your IP was last used by someone running it and clients are still trying to talk to it).
    Regardless, it won't hurt anything to drop them.

    Barry