Could anyone help explain this message log.

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
GUys.

Could anyone help explain what's going on with this message log entry.

Oct 13 12:33:09 myserver kernel: [138712.077642] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:13:20:2a:10:1a:08:00 SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=172 TOS=0x00 PREC=0x00 TTL=128 ID=14322 PROTO=UDP SPT=1026 DPT=8197 LEN=152

Both IP's are on the same subnet as my server, so presumably in the same data centre.
Why would XXX on port 1026 be trying to connect to YYY on port 8197 through my server.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

It's difficult to know for sure what services are running on those port numbers. You could reach out to your data center if the IP address is under the same subnet to see if they recognize those ports and use them for a particular feature or purpose.

Thank you.
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
I was seeing quite a lot of traffic from the offending IP, so i reported it to the data centre.
I'm not entirely sure what they did, but the traffic has ceased.
 
  • Like
Reactions: cPanelMichael