FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

LinkBack Thread Tools
Old 12-12-2011, 05:53 AM
Karl Auer
Default What's the best rule with UFW to stop and forget udp scan on port 68?

On Mon, 2011-12-12 at 07:27 +0100, Olivier Pavilla wrote:
> Some jerks everyday and everyhour do udp scan on port 68.

That might not be a "jerk" - it might be related to DHCP, which uses UDP
ports 67 and 68. The regularity of the packets - every hour of every day
- also suggests that it might be normal DHCP. On the other hand, clients
don't usually get unsolicited DHCP stuff, but if DHCP is operating in
broadcast mode you might be seeing normal traffic to that port.

> port 68 is blocked. How to stop ufw logging this kind type of scan?

Doesn't "ufw deny 68/udp" work? By default ufw only logs packets that
match rules if it is specifically asked to. If your system is blocking
udp/68 because of a policy (rather than a specific rule), just add that
rule and the logging should stop.

Regards, K.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687

ubuntu-users mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Thread Tools

All times are GMT. The time now is 02:30 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org