Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1463 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port 8080 and lots of SYN packets.

stubbis
Hi,

I'm not able to figure out what makes so much SYN traffic on port 8080. Anyone gets something out of this log? Both src mac and dst mac is allways the same, and I'm not able to find the source mac adr in my network. So were does it come from? Proxy is disabled. Probably an easy explanation from you guys. I'm new to this. [:)]

Everything was good, and then this suddenly came from nothing. 


2013:12:31-03:12:11 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="74.63.200.89" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="39" srcport="3341" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:11 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="189.6.51.254" dstip="*.*.*.*" proto="6" length="40" tos="0x00" prec="0x00" ttl="43" srcport="16881" dstport="50001" tcpflags="RST" 
2013:12:31-03:12:11 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="23.19.54.153" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="232" srcport="4259" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="173.234.235.102" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="109" srcport="1034" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="173.234.41.34" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="118" srcport="1324" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="64.31.17.216" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="39" srcport="2012" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="69.162.75.170" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="41" srcport="1267" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="216.245.202.14" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="39" srcport="4736" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="64.120.56.227" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="234" srcport="4719" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="74.63.200.83" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="41" srcport="4850" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="23.19.75.222" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="105" srcport="2777" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="64.120.56.229" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="234" srcport="2838" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="23.19.54.149" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="232" srcport="2049" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:12 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="23.19.130.182" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="106" srcport="4265" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="173.234.33.68" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="118" srcport="2665" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="70.32.43.186" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="245" srcport="4434" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="69.162.97.210" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="39" srcport="3684" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="23.19.54.149" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="232" srcport="1549" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="216.245.205.197" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="41" srcport="4482" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="98.126.50.180" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="105" srcport="2999" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="208.115.246.237" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="39" srcport="2098" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="173.234.224.61" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="1" srcport="1329" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="69.162.75.169" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="39" srcport="3651" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="173.234.33.67" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="118" srcport="2833" dstport="8080" tcpflags="SYN" 
2013:12:31-03:12:13 host ulogd[8069]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="d4:8c:b5[:D]c:43:7f" dstmac="0:c:29:58[:D]7:61" srcip="63.143.33.3" dstip="*.*.*.*" proto="6" length="48" tos="0x00" prec="0x00" ttl="41" srcport="2943" dstport="8080" tcpflags="SYN"


This thread was automatically locked due to age.
Parents
  • 0
    Hi, 

    Assuming these are from the internet, the source MAC is your modem or your ISP's router.
    (e.g. a red herring)

    One possibility is that your external IP changed, and you got one that was previously running a server on 8080. If so, try to force an IP change again.

    Barry
  • 0 in reply to BarryG
    Hi, 

    Assuming these are from the internet, the source MAC is your modem or your ISP's router.
    (e.g. a red herring)

    One possibility is that your external IP changed, and you got one that was previously running a server on 8080. If so, try to force an IP change again.

    Barry


    Thank you, I will check and report back.
Reply
  • 0 in reply to BarryG
    Hi, 

    Assuming these are from the internet, the source MAC is your modem or your ISP's router.
    (e.g. a red herring)

    One possibility is that your external IP changed, and you got one that was previously running a server on 8080. If so, try to force an IP change again.

    Barry


    Thank you, I will check and report back.
Children
No Data