What the hell is trying to kill me?
I have a REALLY weird firewall log here. I just noticed the insane amount of sniffing going on. It seems as if every IP in the world is trying to kill me…..
Well, it's not "sniffing" or port-scanning, it's just multiple connection attempts to port 12596 over TCP & UDP (blocked by the firewall).
If your IP is assigned dynamically by your ISP, it's possible that it was previously assigned to someone who ran a service on that port (e.g. a bittorrent tracker). The quickest method to find out if someone is targeting you, would be to just change your (dynamic) IP.
Yeah I would not call such low amount of traffic any sort of attack.. The torrent theory fits, does not have to be that you jut got a new IP. If your using UPnP for your client and it changed ports on you - you going to see traffic to old port for days and days and days.
If it bothers you, or fills up your logs - prob best to just create a rule to not log it.
I have a clean up rule that does not log udp – there is just way to too much noise to worry about.