What the hell is trying to kill me?
jamesaepp last edited by
I have a REALLY weird firewall log here. I just noticed the insane amount of sniffing going on. It seems as if every IP in the world is trying to kill me…..
dhatz last edited by
Well, it's not "sniffing" or port-scanning, it's just multiple connection attempts to port 12596 over TCP & UDP (blocked by the firewall).
If your IP is assigned dynamically by your ISP, it's possible that it was previously assigned to someone who ran a service on that port (e.g. a bittorrent tracker). The quickest method to find out if someone is targeting you, would be to just change your (dynamic) IP.
Yeah I would not call such low amount of traffic any sort of attack.. The torrent theory fits, does not have to be that you jut got a new IP. If your using UPnP for your client and it changed ports on you - you going to see traffic to old port for days and days and days.
If it bothers you, or fills up your logs - prob best to just create a rule to not log it.
I have a clean up rule that does not log udp – there is just way to too much noise to worry about.