Hello all,

Our dedicated server was suspended for a short time today with the following security log (switch traffic) issues. I added a firewall rule to get this sorted for now; however, does anybody have any idea what this could be?

 

06:11:04.017603 IP x.x.x.x.52218 > y.y.y.y.110: UDP, length 15

 

?

 

Regards,

Matt


Not 100% certain, but it appears to be mail related. Is your mail server set up as an open relay, perchance? Do you have any contact forms that haven't been protected against email header injection?


It looks to me like someone's been trying to get into the POP3 service, as POP3 works on port 110.

 

But on UDP (standing for, of course, User Datagram Protocol), a connectionless network protocol good for media streaming but rubbish for sending complete documents over any kind of network, as you would very often (if not all the time) get corrupted data on the receiving end (in this case being emails, of course).

 

Being that I have spent some time working on PHP sockets, I would say you would be wise to block all UDP traffic to port 110, but does anyone know if POP3 uses UDP? I am not 100% sure, as it could stop you receiving emails; I am not too sure.

 

I mean, I have never looked out for POP3 using UDP, but I have never seen it being used on my router (from what I can remember, of course), which keeps track of all current states of my own network, which houses my own small based server.

 

Hope this helps anyways,

Jeremy.
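
An added example, not part of the thread: POP3 is defined over TCP (RFC 1939), so UDP datagrams addressed to port 110, like the one in the first post's capture, are not mail traffic. The code below parses tcpdump lines in that numeric format and totals UDP sent to ports of TCP-based mail services; the port table is an assumption for illustration and the sample lines are constructed, using documentation addresses.

```python
import re
from collections import defaultdict

# tcpdump one-line format from the first post (numeric ports, as with -n):
#   HH:MM:SS.ffffff IP src.sport > dst.dport: UDP, length N
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"UDP, length (?P<length>\d+)$"
)

# Assumption for this example: mail services that run over TCP, so UDP
# addressed to these ports is not legitimate client traffic.
TCP_SERVICES = {25: "SMTP", 110: "POP3", 143: "IMAP"}

def parse_udp(line):
    """Return (src, dst, dport, length) for a UDP line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["src"], m["dst"], int(m["dport"]), int(m["length"])

def unexpected_udp(lines):
    """Map (src, dst, dport) -> (packets, payload bytes) for UDP sent to TCP-service ports."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        rec = parse_udp(line)
        if rec and rec[2] in TCP_SERVICES:
            src, dst, dport, length = rec
            totals[(src, dst, dport)][0] += 1
            totals[(src, dst, dport)][1] += length
    return {key: tuple(val) for key, val in totals.items()}

# Constructed sample capture (RFC 5737 documentation addresses).
SAMPLE = """
06:11:04.017603 IP 192.0.2.10.52218 > 198.51.100.5.110: UDP, length 15
06:11:04.017811 IP 192.0.2.10.52218 > 198.51.100.5.110: UDP, length 15
06:11:04.018102 IP 192.0.2.77.40000 > 198.51.100.5.53: UDP, length 33
06:11:05.000000 IP 192.0.2.10.52219 > 198.51.100.5.25: UDP, length 15
not a tcpdump line
"""

if __name__ == "__main__":
    for (src, dst, dport), (pkts, size) in sorted(unexpected_udp(SAMPLE.splitlines()).items()):
        print(f"{src} -> {dst}:{dport} ({TCP_SERVICES[dport]}): {pkts} UDP packets, {size} bytes")
```
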
