What's the best rule with UFW to stop and forget udp scan on port 68?
On Mon, 2011-12-12 at 07:27 +0100, Olivier Pavilla wrote:
> Some jerks every day and every hour do UDP scans on port 68.
That might not be a "jerk" - it might be related to DHCP, which uses UDP
ports 67 and 68. The regularity of the packets - every hour of every day
- also suggests that it might be normal DHCP. On the other hand, clients
don't usually get unsolicited DHCP stuff, but if DHCP is operating in
broadcast mode you might be seeing normal traffic to that port.
> Port 68 is blocked. How to stop ufw logging this kind of scan?
Doesn't "ufw deny 68/udp" work? By default ufw only logs packets that
match rules if it is specifically asked to. If your system is blocking
udp/68 because of a policy (rather than a specific rule), just add that
rule and the logging should stop.
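
To check whether the blocked packets look like DHCP, as the reply suggests, the blocked UDP/68 log entries can be grouped by source address and source port. This is an added example, not part of the original messages; the sample log lines are constructed, and the function names `sample_log` and `classify_udp68` are hypothetical.

```shell
#!/bin/sh
# Group [UFW BLOCK] entries for UDP destination port 68 by sender.
# Source port 67 is the DHCP server port, so those entries are labelled
# "dhcp"; anything else sent to port 68 is labelled "other".

# Constructed sample lines in the UFW/netfilter log format (addresses made up).
sample_log() {
cat <<'EOF'
Dec 12 06:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Dec 12 07:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Dec 12 07:13:42 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:aa:bb:cc:dd:ee:00:11:22:33:44:55:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=28 TOS=0x00 PREC=0x00 TTL=51 ID=4711 PROTO=UDP SPT=40211 DPT=68 LEN=8
Dec 12 07:14:10 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:aa:bb:cc:dd:ee:00:11:22:33:44:55:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4712 DF PROTO=TCP SPT=51515 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
EOF
}

# Reads log lines on stdin; prints "<count> <dhcp|other> <source address>".
classify_udp68() {
    awk '
    /\[UFW BLOCK\]/ {
        src = proto = spt = dpt = ""
        # Walk the KEY=VALUE fields of the log line.
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "SRC") src = v
            else if (k == "PROTO") proto = v
            else if (k == "SPT") spt = v
            else if (k == "DPT") dpt = v
        }
        if (proto != "UDP" || dpt != "68") next
        kind = (spt == "67") ? "dhcp" : "other"
        count[kind " " src]++
    }
    END { for (k in count) print count[k], k }' | sort
}

sample_log | classify_udp68
```

On a live system the same function can read the UFW log directly, for example `classify_udp68 < /var/log/ufw.log`.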