[Opensim-users] Port probes
Justin Clark-Casey
jjustincc at googlemail.com
Tue Jan 24 23:58:47 UTC 2012
On 24/01/12 15:53, Kevin Buckley wrote:
> Having recently restarted my local opensim server I find that the access port is attracting a huge volume of what seem
> to be port probes. On the console it looks like this:
>
> 15:18:27 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 109.170.204.74:10646:
>
> 15:18:27 - 23 5A 02 E3 2A F7 56 8B 79 D5 94 B4 26 78 C8 E2
>
> 2C 79 90 65 62 4D 2E 4E 9D CC 6B 89
>
> 15:20:34 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 86.164.18.198:57353:
>
> 15:20:34 - 24 F0 02 A6 11 7F 18 8B 79 D5 94 B6 28 22 ED 60
>
> BE 20 5A 4E 7F 9F 26 80 2F B6 C5 82
>
> 15:30:18 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 174.118.94.143:3320:
>
> 15:30:18 - BE B9 02 9B 16 04 46 A4 36 2E 93 97 3E 5C C3 DA
>
> 02 20 D2 DA 5F A1 07 69 7F B4 B6 05
>
> There are many hundreds of them throughout the day – often from the same source, often from a variety of sources. Leaving
> a port sniffer running (Wireshark) confirms that this is real. If I search on some of the IP addresses, some of them
> show up in Google as previous spambot or phishing sources.
>
> If I run ‘ShieldsUp’ it shows that the opensim port DOES respond if poked remotely.
>
> Has anyone seen this? Is it a problem?
This shouldn't be a problem since any such malformed packets are thrown away. However, I can see where constant ERROR
messages about this could get annoying.
>
> I would have thought that it would be better for the Opensim access port to be stealthy unless it receives a valid UDP
> packet?
I don't believe you can selectively open a port short of port-knocking. And that would be impossible for every single
UDP packet.
--
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc
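
To see which sources account for the volume of these console messages, the reports can be grouped per address. The following is an added example, not part of the original thread and not OpenSim code; it assumes the log has the console format quoted above (without the `>` quoting), and the sample input is constructed with documentation-range addresses.

```python
import re
from collections import Counter

# Report header, in the console format quoted in the message above.
HEADER = re.compile(r"^(\d{2}:\d{2}:\d{2}) - \[LLUDPSERVER\]: Malformed data, "
                    r"cannot parse (\d+) byte packet from ([\d.]+):(\d+):$")
# Dump line: optional "HH:MM:SS - " prefix, then space-separated hex bytes.
HEXLINE = re.compile(r"^(?:\d{2}:\d{2}:\d{2} - )?((?:[0-9A-Fa-f]{2} ?)+)$")

# Constructed sample: documentation-range addresses, made-up payload bytes.
SAMPLE = """\
15:18:27 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 192.0.2.10:10646:
15:18:27 - 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B
15:20:34 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 198.51.100.7:57353:
15:20:34 - 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B
15:30:18 - [LLUDPSERVER]: Malformed data, cannot parse 28 byte packet from 192.0.2.10:3320:
15:30:18 - 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
15:31:02 - [EXAMPLE]: unrelated console line
"""

def parse_malformed(lines):
    """Yield one record per malformed-packet report, hex dump reassembled."""
    current = None
    for line in (raw.strip() for raw in lines):
        if (header := HEADER.match(line)):
            if current:
                yield current
            ts, length, ip, port = header.groups()
            current = {"ts": ts, "ip": ip, "port": int(port),
                       "declared": int(length), "data": b""}
        elif current and (dump := HEXLINE.match(line)):
            current["data"] += bytes.fromhex(dump.group(1))
        elif line and current:  # any other console line ends the dump
            yield current
            current = None
    if current:
        yield current

def summarize(lines):
    """Return (reports per source IP, reports whose dump length != declared)."""
    events = list(parse_malformed(lines))
    per_source = Counter(e["ip"] for e in events)
    incomplete = [e for e in events if len(e["data"]) != e["declared"]]
    return per_source, incomplete

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```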