ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Question about /var/log/messages

https://mail.forum.configserver.com/viewtopic.php?t=9612

Page 1 of 1

Question about /var/log/messages

Posted: 06 Jul 2016, 23:11
by boristheblade
I use Centos 7 with directadmin on a VPS

Ever since I installed CSF+LFD and Fail2ban I see these incoming udp (which gets blocked) lines on port 33445 every 10 seconds in my /var/log/messages. All these have the same source aswel.

Code: Select all

Jul  6 23:47:10 nlamswsp01 kernel: Firewall: *UDP6IN Blocked* IN=eth0 OUT= MAC=33:33:00:00:00:01:52:54:00:d5:04:93:86:dd SRC=fe80:0000:0000:0000:5054:00ff:fed5:0493 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=81 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=33445 DPT=33445 LEN=41
What is this connection and where is it coming from? Why is it every 10 seconds?

When I look up the ip6 address on different sites they tell me its a so-called private ipaddress, does this means this ip6 is a local address?


I was hoping someone overhere could tell me more about this or point me in the right direction.

Thank you and much appreciated! :)

Re: Question about /var/log/messages

Posted: 08 Jul 2016, 06:37
by Sergio
Have you tried what it says in CSF configuration at UPD OUT:

Allow outgoing UDP ports
To allow outgoing traceroute add 33434:33523 to this list

Re: Question about /var/log/messages

Posted: 09 Jul 2016, 17:12
by boristheblade
First, thanks for your reply!

Please correct me if I'm wrong, but arent these incoming UDP connections? Port 33445 on incoming (outgoing aswel btw) UDP is obviously blocked in CSF and I dont see any reason to open it, other than for the traceroute functions.

I'm getting these every 10 seconds, I've searched google quite a bit ofcourse. But I cant find any reason for why this is happening.

Any information is appreciated :o
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited