Re: [opensuse] Unusual traffic through eth0



Bob Williams wrote:

> On 12/03/12 09:54, Per Jessen wrote:
>> Bob Williams wrote:
>>
>>> Last night, I noticed a regular pattern of blips in gkrellm's eth0
>>> monitor. There were no internet active programs, such as e-mail or
>>> web browser running, so I started Wireshark to see what was
>>> happening.
>>>
>>> Apart from the expected chatter between this machine and the router,
>>> the following two lines repeated over and over, and it is continuing
>>> on rebooting the machine this morning:
>>>
>>> Source          Destination   Protocol  Info
>>> 217.14.132.183  192.168.1.14  SIP       Status: 100 Trying (0 bindings)
>>> 217.14.132.183  192.168.1.14  SIP       Status: 401 Unauthorized (0 bindings)
>>>
>>> Is this entirely innocent, or should I contact abuse@Domainmaster
>>> (see below)?
>>
>> Perhaps not entirely innocent (SIP attempts for VoIP), but I would
>> have thought your firewall should be blocking such traffic?
>
> Really? I do run skype from time to time, and have tried out ekiga, so
> maybe the SIP protocol is allowed.

Skype is proprietary, I don't know what ekiga does. SIP is "Session
Initiation Protocol" for standard VoIP. My Asterisk telephone server
is regularly flooded by SIP requests, bordering on a DoS attack.

> The only services I have explicitly allowed in YaST Firewall
> Configuration are Rsync server, Secure Shell server and xntp server.

I would expect that to mean that the SIP traffic is dropped or rejected..
Maybe check your firewall log.

> All the above traffic seems to be one way, in other words, I never see
> my machine sending a reply, I am always the destination, never the
> source.

Maybe gkrellm is reporting on traffic before the firewall drops it.



--
Per Jessen, Zürich (9.8°C)
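
One way to carry out the firewall-log check suggested above, as an added example that is not part of the original message: it summarises logged SIP packets per source and shows whether the firewall dropped them. The log lines are constructed samples in the kernel netfilter LOG format, and the "SFW2-..." rule prefixes are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the kernel netfilter LOG format. The "SFW2-..." rule
# prefixes and all lines are assumptions for illustration, not from the thread.
SAMPLE_LOG = """\
Mar 12 10:01:13 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=217.14.132.183 DST=192.168.1.14 LEN=520 TTL=52 PROTO=UDP SPT=5060 DPT=5060 LEN=500
Mar 12 10:01:43 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=217.14.132.183 DST=192.168.1.14 LEN=498 TTL=52 PROTO=UDP SPT=5060 DPT=5060 LEN=478
Mar 12 10:02:02 host kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.14 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=22 SYN
Mar 12 10:02:09 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.14 LEN=40 TTL=240 PROTO=TCP SPT=40000 DPT=23 SYN
Mar 12 10:02:30 host dhclient: DHCPREQUEST on eth0 to 192.168.1.1 port 67
"""

SIP_PORTS = {"5060", "5061"}  # standard SIP and SIP-over-TLS ports
PREFIX_RE = re.compile(r"kernel:\s+(?:\[[\d\s.]+\]\s+)?(\S+)\s+IN=")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the packet fields of one netfilter LOG line, or None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None  # not a firewall log entry
    fields = {"PREFIX": m.group(1)}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # first LEN= is the IP length
    return fields


def verdict(prefix):
    """Map a log prefix to what the firewall did with the packet."""
    for tag, name in (("DROP", "dropped"), ("REJ", "rejected"), ("ACC", "accepted")):
        if tag in prefix:
            return name
    return "unknown"


def sip_summary(log_text):
    """Count logged SIP packets per (source, interface, verdict)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt and (pkt.get("SPT") in SIP_PORTS or pkt.get("DPT") in SIP_PORTS):
            counts[(pkt["SRC"], pkt["IN"], verdict(pkt["PREFIX"]))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (src, iface, what), n in sorted(sip_summary(SAMPLE_LOG).items()):
        print(f"{src} via {iface}: {n} SIP packet(s) {what}")
```

A "dropped" count for the source seen in Wireshark would confirm that the capture shows packets arriving on the interface before the firewall discards them.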
