UDP: bad checksum entries in syslog - an attack?


MortenSchmidt

I've got entries like these in my syslog. 7 times this past week.

 

Dec 31 13:51:43 FileServer kernel: UDP: bad checksum. From 186.89.150.42:21296 to 192.168.2.3:1109 ulen 297 (Minor Issues)
Jan  1 04:46:21 FileServer kernel: UDP: bad checksum. From 112.238.145.197:1051 to 192.168.2.3:1113 ulen 319 (Minor Issues)
Jan  2 04:42:30 FileServer kernel: UDP: bad checksum. From 112.238.145.197:1051 to 192.168.2.3:1114 ulen 319 (Minor Issues)
Jan  3 15:52:15 FileServer kernel: UDP: bad checksum. From 5.138.108.134:6881 to 192.168.2.3:1115 ulen 298 (Minor Issues)
Jan  5 08:53:17 FileServer kernel: UDP: bad checksum. From 5.138.115.188:6881 to 192.168.2.3:1115 ulen 319 (Minor Issues)
Jan  5 12:27:51 FileServer kernel: UDP: bad checksum. From 5.138.102.239:20621 to 192.168.2.3:1115 ulen 310 (Minor Issues)
Jan  5 16:44:25 FileServer kernel: UDP: bad checksum. From 5.138.115.188:6881 to 192.168.2.3:51413 ulen 320 (Minor Issues)

 

I have port 51413 forwarded to my server for the Transmission BT client, but ports 1109 to 1115 are not open. I have confirmed those to be 'stealth' with GRC's shields up.

 

I also have 4 of these this past week:

Jan  2 15:07:07 FileServer kernel: python[15327]: segfault at 58 ip 000000000052c8d8 sp 00002ab640800140 error 4 in python2.7[400000+2bd000] (Errors)
Jan  4 00:21:52 FileServer kernel: python[818]: segfault at 58 ip 000000000052c8d8 sp 00002b781d546b60 error 4 in python2.7[400000+2bd000] (Errors)
Jan  4 03:03:11 FileServer kernel: python[27730]: segfault at 58 ip 000000000052f1cb sp 00002b17b1166920 error 4 in python2.7[400000+2bd000] (Errors)
Jan  5 22:58:01 FileServer kernel: python[31691]: segfault at 58 ip 000000000052c8d8 sp 00002af8c0b23220 error 4 in python2.7[400000+2bd000] (Errors)

 

I'm running dockers for sickbeard and couchpotato, both of which are Python apps - but the above does not give any hint as to which one crashed. They seem to be running fine every time I access them. I also understand the phusion baseimage uses Python for some init tasks.

 

Googling seems to suggest there is a 'UDP short packet attack' that can crash apps on a server under attack. Should I be worried?

 

And why am I seeing stuff on port 1115 which isn't exposed to the internet???

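One way to triage entries like the ones quoted in the post, as an added example that is not part of the original post: it parses the kernel's "UDP: bad checksum" lines and tallies them by source address, source port and destination port, listing the destination ports that are not the forwarded one. The function names and the `FORWARDED_PORTS` set are assumptions made for this example; the log lines are the ones from the post.

```python
import re
from collections import Counter

# Port the post says is forwarded to the server (assumed to be the only one).
FORWARDED_PORTS = {51413}

# Message layout as it appears in the post's syslog excerpt.
LINE_RE = re.compile(
    r"UDP: bad checksum\. From (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"to (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) ulen (?P<ulen>\d+)"
)

# Log lines copied from the post.
SAMPLE = """\
Dec 31 13:51:43 FileServer kernel: UDP: bad checksum. From 186.89.150.42:21296 to 192.168.2.3:1109 ulen 297 (Minor Issues)
Jan  1 04:46:21 FileServer kernel: UDP: bad checksum. From 112.238.145.197:1051 to 192.168.2.3:1113 ulen 319 (Minor Issues)
Jan  2 04:42:30 FileServer kernel: UDP: bad checksum. From 112.238.145.197:1051 to 192.168.2.3:1114 ulen 319 (Minor Issues)
Jan  3 15:52:15 FileServer kernel: UDP: bad checksum. From 5.138.108.134:6881 to 192.168.2.3:1115 ulen 298 (Minor Issues)
Jan  5 08:53:17 FileServer kernel: UDP: bad checksum. From 5.138.115.188:6881 to 192.168.2.3:1115 ulen 319 (Minor Issues)
Jan  5 12:27:51 FileServer kernel: UDP: bad checksum. From 5.138.102.239:20621 to 192.168.2.3:1115 ulen 310 (Minor Issues)
Jan  5 16:44:25 FileServer kernel: UDP: bad checksum. From 5.138.115.188:6881 to 192.168.2.3:51413 ulen 320 (Minor Issues)
"""

def parse(text):
    """Return one dict per 'UDP: bad checksum' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        for key in ("sport", "dport", "ulen"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events

def summarize(events, forwarded=FORWARDED_PORTS):
    """Tally events and list destination ports outside the forwarded set."""
    by_dport = Counter(e["dport"] for e in events)
    return {
        "total": len(events),
        "by_src": Counter(e["src"] for e in events),
        "by_sport": Counter(e["sport"] for e in events),
        "by_dport": by_dport,
        "unforwarded_dports": sorted(p for p in by_dport if p not in forwarded),
    }

if __name__ == "__main__":
    for name, value in summarize(parse(SAMPLE)).items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```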
