Could anyone help explain this message log.

keat63

• October 13, 2016 06:43

GUys. Could anyone help explain what's going on with this message log entry. Oct 13 12:33:09 myserver kernel: [138712.077642] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:20:2a:10:1a:08:00 SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=172 TOS=0x00 PREC=0x00 TTL=128 ID=14322 PROTO=UDP SPT=1026 DPT=8197 LEN=152 Both IP's are on the same subnet as my server, so presumably in the same data centre. Why would XXX on port 1026 be trying to connect to YYY on port 8197 through my server.

• 

  cPanelMichael

  • October 13, 2016 23:31

  Hello, It's difficult to know for sure what services are running on those port numbers. You could reach out to your data center if the IP address is under the same subnet to see if they recognize those ports and use them for a particular feature or purpose. Thank you.

  0
• 

  keat63

  • October 18, 2016 07:23

  I was seeing quite a lot of traffic from the offending IP, so i reported it to the data centre. I'm not entirely sure what they did, but the traffic has ceased.

  0

Please sign in to leave a comment.