Probably not the right place to ask,
but on my server in Italy I'm getting a large number of packets
from random addresses, but all on port 55460,
e.g. today's logwatch had
----------------------------------
Dropped 34698 packets on interface eth0
From 1.11.233.123 - 1 packet to udp(55460)
From 1.23.134.180 - 1 packet to udp(55460)
...
----------------------------------
Yesterday
----------------------------------
Dropped 32960 packets on interface eth0
From 1.22.16.115 - 1 packet to udp(55460)
From 1.22.30.108 - 1 packet to udp(55460)
...
---------------------------------
I'm running shorewall on this CentOS-5.6 machine,
and also fail2ban.
I''m using a Billion 5200 modem/router to connect my server to the
internet.
I probably could do something on this to stop the packets
before they get to the server, but would this be worth-while?
I haven't tried programming the Billion at all.
Also, does the port 55460 signify anything?
Finally, is there anything more that I could or should do in shorewall?
At present I have
---------------------------------
#
# Policies for traffic originating from the Internet zone (net)
#
net $FW DROP info
net loc DROP info
net all DROP info
---------------------------------
in /etc/shorewall/policy.
Any suggestions gratefully received.
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
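
Added example (not part of the original post): a Python sketch that tallies logwatch lines of the "From ADDR - N packet to proto(port)" form quoted above, per destination port, and reports how many distinct sources hit each port. The sample input is constructed (only the first four addresses come from the post), and the thresholds in `looks_distributed` are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the logwatch format quoted in the post; the last two
# source addresses are documentation-range placeholders, not real observations.
SAMPLE = """\
Dropped 7 packets on interface eth0
From 1.11.233.123 - 1 packet to udp(55460)
From 1.23.134.180 - 1 packet to udp(55460)
From 1.22.16.115 - 1 packet to udp(55460)
From 1.22.30.108 - 1 packet to udp(55460)
From 192.0.2.10 - 2 packets to tcp(22)
From 198.51.100.7 - 1 packet to udp(55460)
"""

LINE = re.compile(r"From (\d+\.\d+\.\d+\.\d+) - (\d+) packets? to (\w+)\((\d+)\)")

def summarize(text):
    """Return {(proto, port): {"packets", "sources", "max_per_source"}}."""
    packets = Counter()
    per_source = defaultdict(Counter)
    for m in LINE.finditer(text):
        src, count = m.group(1), int(m.group(2))
        key = (m.group(3), int(m.group(4)))
        packets[key] += count
        per_source[key][src] += count
    return {
        key: {
            "packets": packets[key],
            "sources": len(per_source[key]),
            "max_per_source": max(per_source[key].values()),
        }
        for key in packets
    }

def looks_distributed(stats, min_sources=5, max_per_source=2):
    """Many sources, each sending only a packet or two (thresholds are assumed):
    a per-source ban has little to act on, so the port is the useful key."""
    return (stats["sources"] >= min_sources
            and stats["max_per_source"] <= max_per_source)

if __name__ == "__main__":
    for (proto, port), s in sorted(summarize(SAMPLE).items()):
        print(proto, port, s, "distributed" if looks_distributed(s) else "")
```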