
I'm getting a lot of traffic on port 1026!!

So I'm new to Astaro and used to use Routing & Remote Access for Win2k3 as my gateway router with 2 NICs.  It worked, I guess, but obviously not even in the same vicinity as this Astaro, wow, it's amazing.

Anyways, I've noticed my logs lately filling up with traffic to ports 1026/1027.  Obviously nothing I could have ever known from using RAS because there's no logging.

here is a snippet:


2008:02:20-08:22:20 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="12.72.36.95" dstip="Take_Out_For_Security" proto="17" length="374" tos="0x00" prec="0x20" ttl="51" srcport="30296" dstport="1026" 
2008:02:20-08:25:13 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="202.238.74.58" dstip="Take_Out_For_Security" proto="6" length="60" tos="0x00" prec="0x20" ttl="36" srcport="37013" dstport="20000" tcpflags="SYN"
2008:02:20-08:25:16 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="202.238.74.58" dstip="Take_Out_For_Security" proto="6" length="60" tos="0x00" prec="0x20" ttl="36" srcport="37013" dstport="20000" tcpflags="SYN"
2008:02:20-08:25:53 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="221.208.208.104" dstip="Take_Out_For_Security" proto="17" length="486" tos="0x00" prec="0x20" ttl="38" srcport="41837" dstport="1027" 
2008:02:20-08:25:54 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="221.208.208.104" dstip="Take_Out_For_Security" proto="17" length="486" tos="0x00" prec="0x20" ttl="38" srcport="41837" dstport="1026" 
2008:02:20-08:26:30 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="221.209.110.9" dstip="Take_Out_For_Security" proto="17" length="485" tos="0x00" prec="0x20" ttl="38" srcport="40687" dstport="1026" 
2008:02:20-08:26:31 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="221.209.110.9" dstip="Take_Out_For_Security" proto="17" length="485" tos="0x00" prec="0x20" ttl="38" srcport="40687" dstport="1027" 
2008:02:20-08:27:18 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="164.48.119.198" dstip="Take_Out_For_Security" proto="17" length="374" tos="0x00" prec="0x20" ttl="51" srcport="30296" dstport="1026" 
2008:02:20-08:29:13 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="88.115.94.139" dstip="Take_Out_For_Security" proto="17" length="387" tos="0x00" prec="0x20" ttl="50" srcport="30296" dstport="1026" 
2008:02:20-08:29:52 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="24.64.231.171" dstip="Take_Out_For_Security" proto="17" length="512" tos="0x00" prec="0x20" ttl="63" srcport="34366" dstport="1028" 
2008:02:20-08:29:52 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="24.64.231.171" dstip="Take_Out_For_Security" proto="17" length="512" tos="0x00" prec="0x20" ttl="62" srcport="34366" dstport="1026" 
2008:02:20-08:29:53 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="24.64.231.171" dstip="Take_Out_For_Security" proto="17" length="512" tos="0x00" prec="0x20" ttl="62" srcport="34366" dstport="1027" 
2008:02:20-08:30:31 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="221.209.110.8" dstip="Take_Out_For_Security" proto="17" length="485" tos="0x00" prec="0x20" ttl="38" srcport="58983" dstport="1027" 
2008:02:20-08:30:56 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="68.87.77.133" dstip="Take_Out_For_Security" proto="17" length="86" tos="0x00" prec="0x00" ttl="55" srcport="53" dstport="32768" 
2008:02:20-08:30:56 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="68.87.77.133" dstip="Take_Out_For_Security" proto="17" length="75" tos="0x00" prec="0x00" ttl="55" srcport="53" dstport="32768" 
2008:02:20-08:30:56 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="68.87.77.133" dstip="Take_Out_For_Security" proto="17" length="75" tos="0x00" prec="0x00" ttl="55" srcport="53" dstport="32768" 
2008:02:20-08:30:57 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="68.87.77.133" dstip="Take_Out_For_Security" proto="17" length="75" tos="0x00" prec="0x00" ttl="55" srcport="53" dstport="32768" 
2008:02:20-08:34:58 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="24.64.218.138" dstip="Take_Out_For_Security" proto="17" length="512" tos="0x00" prec="0x20" ttl="63" srcport="23116" dstport="1026" 
2008:02:20-08:34:58 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="24.64.218.138" dstip="Take_Out_For_Security" proto="17" length="512" tos="0x00" prec="0x20" ttl="63" srcport="23116" dstport="1027" 
2008:02:20-08:34:59 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="24.64.218.138" dstip="Take_Out_For_Security" proto="17" length="512" tos="0x00" prec="0x20" ttl="62" srcport="23116" dstport="1028" 
2008:02:20-08:35:37 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="221.8.118.122" dstip="Take_Out_For_Security" proto="17" length="918" tos="0x00" prec="0x20" ttl="38" srcport="36512" dstport="1026" 
2008:02:20-08:35:38 (none) ulogd[2599]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" dstmac="00:17:9a:bd:2a:0e" srcmac="00:01:96:0d:73:01" srcip="221.8.118.122" dstip="Take_Out_For_Security" proto="17" length="918" tos="0x00" prec="0x20" ttl="38" srcport="36513" dstport="1027"




It happens throughout the night as well, so what could this be?  I've read it's SPAM on the messenger service.  Could I really be getting this much of it though?  I mean, I just got a whole new IP when I hooked up Astaro and configured it.  Comcast gave me a new DHCP address.


  • Yes, China for example is a huge exporter of that kind of spam. Pretty much everyone gets hammered with that kind of stuff. They simply broadcast (crawl) from IP address to IP address, hitting each one with "messenger" spam. These are the grey boxes you might get if you have no firewall and you're right out on the Internet with a Windows 98/XP box. In your log these are the proto="17" (UDP) packets to dstport 1026-1028, and action="drop" shows the firewall is already discarding them. Annoying, but not any kind of real threat.