The Community Forums


Could anyone help explain this message log?

Discussion in 'Security' started by keat63, Oct 13, 2016.

  1. keat63

    Guys,

    Could anyone help explain what's going on with this message log entry?

    Oct 13 12:33:09 myserver kernel: [138712.077642] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:20:2a:10:1a:08:00 SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=172 TOS=0x00 PREC=0x00 TTL=128 ID=14322 PROTO=UDP SPT=1026 DPT=8197 LEN=152

    Both IPs are on the same subnet as my server, so presumably in the same data centre.
    Why would XXX on port 1026 be trying to connect to YYY on port 8197 through my server?
     
  2. cPanelMichael

    Hello,

    It's difficult to know for sure what services are running on those port numbers. You could reach out to your data center if the IP address is under the same subnet to see if they recognize those ports and use them for a particular feature or purpose.

    Thank you.
     
  3. keat63

    I was seeing quite a lot of traffic from the offending IP, so I reported it to the data centre.
    I'm not entirely sure what they did, but the traffic has ceased.
     
    cPanelMichael likes this.
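
For readers decoding a line like the one in the first post, here is an added example (not part of the thread or any poster's code) that parses the netfilter LOG fields. In this log format the `MAC=` field is the Ethernet header (destination MAC, source MAC, EtherType) and `OUT=` is empty when the packet is not being forwarded; the function names are this example's own.

```python
import re

# Log line quoted from the first post (addresses masked by the poster).
SAMPLE = ("Oct 13 12:33:09 myserver kernel: [138712.077642] Firewall: "
          "*UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:20:2a:10:1a:08:00 "
          "SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=172 TOS=0x00 PREC=0x00 "
          "TTL=128 ID=14322 PROTO=UDP SPT=1026 DPT=8197 LEN=152")

KV = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_line(line):
    """Return the KEY=value fields; the second LEN (UDP length) becomes UDP_LEN."""
    fields = {}
    for key, value in KV.findall(line):
        if key == "LEN" and "LEN" in fields:
            key = "UDP_LEN"
        fields[key] = value
    return fields


def decode_mac(mac_field):
    """Split the 14-octet MAC= field: destination MAC, source MAC, EtherType."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets, got %d" % len(octets))
    dst, src = ":".join(octets[:6]), ":".join(octets[6:12])
    scope = "unicast"
    if dst == "ff:ff:ff:ff:ff:ff":
        scope = "broadcast"          # delivered to every host on the segment
    elif int(octets[0], 16) & 1:     # group bit set in the first octet
        scope = "multicast"
    return {"dst_mac": dst, "src_mac": src,
            "ethertype": int("".join(octets[12:]), 16), "scope": scope}


def explain(line):
    f = parse_netfilter_line(line)
    info = decode_mac(f["MAC"])
    # An empty OUT= means the packet hit the INPUT path, not FORWARD.
    info.update(iface=f["IN"], forwarded=bool(f["OUT"]), proto=f["PROTO"],
                src_ip=f["SRC"], dst_ip=f["DST"], sport=int(f["SPT"]), dport=int(f["DPT"]))
    return info


if __name__ == "__main__":
    print(explain(SAMPLE))
```

For the quoted line this reports a broadcast destination MAC and an empty `OUT=`: the frame was sent to every host on the segment and arrived on the server's input path, where the firewall dropped it, rather than being forwarded through the server.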