Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1015 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Oh my Good - Packet filter log says there is something wrong

dreamertr
Hello,

When I check my Packet Filter log (it grows very fast - ca~52 mb in one week) I see something like below. When I activate Autoscroll every second I get 4-5 times this kind of information/error. I am sure that there is no virus on this PC.

There is something wrong with Port 24860, my PC is trying permanently connecting the WAN from this port. I searched the internet about this UDP 24860 port but didn't find something?

12:00:11  Default DROP  UDP  192.168.1.60  : 24860→200.158.190.51  :  60001 len=126  ttl=127  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:30:4f:58:c7:33

12:00:11  Default DROP  UDP  192.168.1.60  :  24860→60.240.100.225  :  25002 len=126  ttl=127  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:30:4f:58:c7:33

12:00:11  Default DROP  UDP  192.168.1.60  :  24860→84.42.30.253  :  57146 len=126  ttl=127  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:30:4f:58:c7:33

12:00:11  Default DROP  UDP  192.168.1.60  :  24860→125.224.122.238  :  31424 len=126  ttl=127  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:30:4f:58:c7:33

12:00:11  Default DROP  UDP  192.168.1.60  :  24860→89.38.252.165  :  58461 len=126  ttl=127  tos=0x00  srcmac=00:00:00:00:00:00  dstmac=00:30:4f:58:c7:33


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to BAlfson
    Hello,

    First, there is something weird here: the source port is constant but the destination port moves around. That's the behavior of a server response rather than of a client packet.

    However, the source IP is in a private network so unless you've configured port forwarding on the gateway, it should be able to receive any packet that should trigger such a response.

    There are several applications that could cause such behavior, including the U torrent P2P app.

    My suggestion is to get a full packet capture: connect to your ASG through SSH, su to root and type:
    tcpdump -X "udp port 24860"

    Let it run until you have a few packet to analyse (you can stop it with "CTRL+C")


    but before you do this, make sure you're not simply running a p2p application on your own.
  • 0 in reply to StephaneGROBETY
    Thank you very much. U are right fulgan. I' ve installed Flashget which has the torrent feature. After I closed the application all the errors gone. [:)]


    Thank you very much for your advice.
    Have a nice day.