Question about /var/log/messages

[boristheblade]

I use Centos 7 with directadmin on a VPS

Ever since I installed CSF+LFD and Fail2ban I see these incoming udp (which gets blocked) lines on port 33445 every 10 seconds in my /var/log/messages. All these have the same source aswel.

Code: Select all

Jul  6 23:47:10 nlamswsp01 kernel: Firewall: *UDP6IN Blocked* IN=eth0 OUT= MAC=33:33:00:00:00:01:52:54:00:d5:04:93:86:dd SRC=fe80:0000:0000:0000:5054:00ff:fed5:0493 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=81 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=33445 DPT=33445 LEN=41 

What is this connection and where is it coming from? Why is it every 10 seconds?

When I look up the ip6 address on different sites they tell me its a so-called private ipaddress, does this means this ip6 is a local address?


I was hoping someone overhere could tell me more about this or point me in the right direction.

Thank you and much appreciated!

[Sergio]

Have you tried what it says in CSF configuration at UPD OUT:

Allow outgoing UDP ports
To allow outgoing traceroute add 33434:33523 to this list

[boristheblade]

First, thanks for your reply!

Please correct me if I'm wrong, but arent these incoming UDP connections? Port 33445 on incoming (outgoing aswel btw) UDP is obviously blocked in CSF and I dont see any reason to open it, other than for the traceroute functions.

I'm getting these every 10 seconds, I've searched google quite a bit ofcourse. But I cant find any reason for why this is happening.

Any information is appreciated