[EMAIL PROTECTED] writes: > I've been seeing a lot of Protocol 17 messages destined for port 27015. > I looked on the snort page to see what it said, and it didn't have any > matches. Can anybody tell me what could be happening here? These are > comming from multiple computers every few seconds. They are being DENIED > by my firewall scripts, but I'd rather not have my limited bandwith > wasted like this.
They're game ports. The appropriate FAQ, <http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html#1.1> (which you should bookmark, if not already) points at 27910+ for Quake, and I'm pretty sure I've seen one or two such games using roughly that range. In fact, on a google search, <http://archives.neohapsis.com/archives/incidents/2000-04/0077.html> pertains - it's Half-Life. The distributed nature of the source-ports goes hand in hand with it being a game as well; I don't think it'll last long, as once everyone realises you're not responding they'll stop asking, so it's not a bandwidth-eating problem. HTH, ~Tim -- A big sky above me, |[EMAIL PROTECTED] West winds blow. |http://piglet.is.dreaming.org
