[OpenAFS] Strange logs from a Windows Client
Russ Allbery
rra@stanford.edu
Thu, 17 Mar 2011 14:16:55 -0700
Steve Simmons <scs@umich.edu> writes:
> On Mar 10, 2011, at 10:46 AM, Claudio Prono wrote:
>> I have found some strange logs from a windows Client to my AFS:
>> Mar 9 14:52:22 afs kernel: [8648828.273271] UDP: short packet: From
>> xxx.xxx.xxx.68:7001 88/73 to xxx.xxx.xxx.xxx:7000
>> Mar 9 15:16:39 afs kernel: [8650285.187992] UDP: short packet: From
>> xxx.xxx.xxx.68:7001 78/73 to xxx.xxx.xxx.xxx:7000
>> Mar 9 16:28:58 afs kernel: [8654623.984326] UDP: short packet: From
>> xxx.xxx.xxx.68:7001 76/73 to xxx.xxx.xxx.xxx:7000
>> Any idea of what can be? I have looked at the Client, but all seems ok....
> We have occasionally seen these. Other folks here tell me it's usually
> due to low-quality hacking tools doing UDP-based probes. When they
> happen here, the source address is always from various places
> off-campus.
That was my first thought as well, but it's a fairly huge coincidence for
a generic hacking tool to connect to port 7000 from source port 7001.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>