UDP_IN Blocked errors

A

ajax20

Verified User
Joined
Jul 16, 2014
Messages
142
Hi

After installing the csf for directadmin, I notice there are lots of UDP_IN Blocked errors in my messages log such as

Code: 
Aug 8 15:43:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=31698 P$
Aug 8 15:43:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=31699 P$
Aug 8 15:43:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=200 PRO$
Aug 8 15:43:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=201 PRO$
Aug 8 15:43:56 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=7951 PROTO$
Aug 8 15:44:08 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:62:83:46:e6:0d:15:08:00 SRC=178.162.xxx.xxx DST=255.255.255.255 LEN=115 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PR$
Aug 8 15:44:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=1336 PR$
Aug 8 15:44:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=1337 PR$
Aug 8 15:44:35 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=7953 PROTO$
Aug 8 15:44:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=2519 PR$
Aug 8 15:44:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=2520 PR$
Aug 8 15:45:09 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:62:83:46:e6:0d:15:08:00 SRC=178.162.xxx.xxx DST=255.255.255.255 LEN=115 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PR$
Aug 8 15:45:14 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=7959 PROTO$
Aug 8 15:45:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=3708 PR$
Aug 8 15:45:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=3709 PR$
Aug 8 15:45:22 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=8e:8b:ee:bd:1a:cc:00:1c:73:3c:df:6d:08:00 SRC=122.170.x.xx DST=178.162.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=9496 DF PROT$
Aug 8 15:45:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=4891 PR$
Aug 8 15:45:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=4892 PR$
Aug 8 15:45:52 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=7962 PROTO$
Aug 8 15:46:09 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:62:83:46:e6:0d:15:08:00 SRC=178.162.xxx.xxx DST=255.255.255.255 LEN=115 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PR$
Aug 8 15:46:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=6101 PR$
Aug 8 15:46:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=6102 PR$
Aug 8 15:46:30 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xxx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=7964 PROTO$
Aug 8 15:46:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=7292 PR$
Aug 8 15:46:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=7293 PR$
Aug 8 15:47:08 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=7966 PROTO$
Aug 8 15:47:09 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:62:83:46:e6:0d:15:08:00 SRC=178.162.xxx.xxx DST=255.255.255.255 LEN=115 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PR$
Aug 8 15:47:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=8469 PR$
Aug 8 15:47:19 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=8470 PR$
Aug 8 15:47:47 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ba:08:45:88:fc:a1:08:00 SRC=192.168.x.xx DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=7969 PROTO$
Aug 8 15:47:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=255.255.255.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=9542 PR$
Aug 8 15:47:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:f6:f3:49:7e:0a:54:08:00 SRC=178.162.xxx.xx DST=178.162.xxx.xxx LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=9543 PR$

What do these errors mean? The DST=178.162.xxx.xxx is not my server's IP address. Is firewall blocking some attacker flooding my UDP ports?

Thanks
 
What do these errors mean? The DST=178.162.xxx.xxx is not my server's IP address.
Click to expand...

You should contact your DC support, as somebody is probably flooding with UDP.

Is firewall blocking some attacker flooding my UDP ports?
Click to expand...


Firewall: *UDP_IN Blocked* IN=eth0 ...
 
Any solutions?

Can anything at all be done with respect to this sort of flooding?
 
More info

More info: There two or three instances of such errors with the mentioned IP address as destination IP address and again two or three UDP errors with the IP 255.255.255.255 as the destination IP address. Totally, each minute there are 5 or so instances of such errors.
 
If it abuses your server you should contact your DC (hosting-company) support. What else do you want to hear?
 
Is this error always indicative of an abuse?

You are right. But first I want to make sure if it is an abuse. I mean is this kind of error always indicative of an abuse?
 
So check history of load, other system parameters of your VPS in a hosting panel of your VPS; netstat, irq. If you need more information you'd better use open sources available in internet.

But still, you should open a ticket with your hosting company.
 
The 192.168.x.xx IP's are only used for internal networks, so I would tend to think you have a configuration error somewhere perhaps?
The 178.162.x.x ip's seem to be from a German provider/hoster. Google the exact IP, maybe it's one of their (name)servers trying to contact your server? Or maybe it's one of their clients/users trying to check your server.
 
You must log in or register to reply here.
Back
Top