Community Forums
Connect with us on LinkedIn
Community Notice
Strange messages in /var/log/messages
  
+ Reply to Thread
Results 1 to 3 of 3
  1. 08-16-2003 11:14 AM #1
    kcdworks
    kcdworks is offline
    Member
    Join Date
    Jul 2002
    Posts
    186
    Send a message via ICQ to kcdworks Send a message via AIM to kcdworks Send a message via Yahoo to kcdworks

    Default Strange messages in /var/log/messages

    We are having a really strange message in our /var/log/messages file.

    Aug 16 10:08:57 server3 kernel: **UDP DROP** IN=eth0 OUT= MAC=00:50:22:9a:d6:37:00:e0:52:08:b8:bd:08:00 SRC=81.101.161.91 DST=64.246.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=7 ID=60403 PROTO=UDP SPT=60341 DPT=33496 LEN=20

    The bold IP address is always there. It belongs to RIPE, according to an ARIN whois. I've added it to hosts.deny, but that message contiues to appear at the rate of 1 per second.

    Any ideas?

    cPanel.net Support Ticket Number:
    UNIX Sex
    {look;find;talk;grep;touch;finger;find;flex;unzip;mount;workbone;
    fsck;yes;gasp;fsck;yes;eject;umount;makeclean;zip;split;done;exit}
    Reply With Quote Reply With Quote
  2. 08-16-2003 02:06 PM #2
    mmkassem
    mmkassem is offline
    Member
    Join Date
    Oct 2002
    Location
    Egypt
    Posts
    391

    Default Re: Strange messages in /var/log/messages

    Originally posted by kcdworks
    We are having a really strange message in our /var/log/messages file.

    Aug 16 10:08:57 server3 kernel: **UDP DROP** IN=eth0 OUT= MAC=00:50:22:9a:d6:37:00:e0:52:08:b8:bd:08:00 SRC=81.101.161.91 DST=64.246.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=7 ID=60403 PROTO=UDP SPT=60341 DPT=33496 LEN=20

    The bold IP address is always there. It belongs to RIPE, according to an ARIN whois. I've added it to hosts.deny, but that message contiues to appear at the rate of 1 per second.

    Any ideas?

    cPanel.net Support Ticket Number:
    It is owned by:
    netname: NTL
    descr: NTL Infrastructure - Luton
    country: GB

    If ARIN tells you it is owned by RIPE you have to check RIPE to know whois the block is assigned to.

    PROTO=UDP DPT=33496
    It's a high port, UDP and within the range used to traceroute (using UDP not ICMP)

    You should not worry.
    // Mahmoud
    http://www.cpanelplus.com
    Reply With Quote Reply With Quote
  3. 08-16-2003 04:18 PM #3
    kcdworks
    kcdworks is offline
    Member
    Join Date
    Jul 2002
    Posts
    186
    Send a message via ICQ to kcdworks Send a message via AIM to kcdworks Send a message via Yahoo to kcdworks

    Default

    I forgot to come back to this thread, but it stopped about three minutes after I posted that.

    Thanks for the reply.

    cPanel.net Support Ticket Number:
    UNIX Sex
    {look;find;talk;grep;touch;finger;find;flex;unzip;mount;workbone;
    fsck;yes;gasp;fsck;yes;eject;umount;makeclean;zip;split;done;exit}
    Reply With Quote Reply With Quote
«   FTP Subdomain Name keep dissapear | FP and Cpanel problem »     
Similar Threads & Tags
Similar threads

  1. What is this in /var/log/messages
    By foxdevil in forum cPanel and WHM Discussions
    Replies: 2
    Last Post: 05-19-2008, 10:41 PM
  2. can you help me analyze the /var/log/messages ?
    By meeti in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 01-27-2008, 02:27 AM
  3. var/log/messages question
    By conners in forum New User Questions
    Replies: 4
    Last Post: 06-17-2007, 11:34 AM
  4. Getting access to /var/log/messages
    By Ben in forum cPanel and WHM Discussions
    Replies: 3
    Last Post: 09-10-2003, 02:44 AM
  5. missing /var/log/messages
    By ialex03 in forum cPanel and WHM Discussions
    Replies: 6
    Last Post: 05-19-2003, 12:39 PM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube