What's the best rule with UFW to stop and forget udp scan on port 68?

Karl Auer kauer at biplane.com.au
Mon Dec 12 06:53:20 UTC 2011


On Mon, 2011-12-12 at 07:27 +0100, Olivier Pavilla wrote:
> Some jerks every day and every hour do udp scan on port 68.

That might not be a "jerk" - it might be related to DHCP, which uses UDP
ports 67 and 68. The regularity of the packets - every hour of every day
- also suggests that it might be normal DHCP. On the other hand, clients
don't usually get unsolicited DHCP stuff, but if DHCP is operating in
broadcast mode you might be seeing normal traffic to that port.

> port 68 is blocked. How to stop ufw logging this kind of scan?

Doesn't "ufw deny 68/udp" work? By default ufw only logs packets that
match rules if it is specifically asked to. If your system is blocking
udp/68 because of a policy (rather than a specific rule), just add that
rule and the logging should stop.

Regards, K.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
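
One way to check the DHCP explanation against the firewall log before silencing it, as an added example that is not part of the original message: it sorts blocked UDP/68 packets in ufw's kernel-log format by whether they come from the DHCP server port 67 and whether they were broadcast. The log lines (abridged), addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the kernel log format ufw writes to /var/log/ufw.log.
# Addresses are private/documentation ranges, not real observations.
SAMPLE_LOG = """\
Dec 12 05:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TTL=64 PROTO=UDP SPT=67 DPT=68 LEN=308
Dec 12 06:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TTL=64 PROTO=UDP SPT=67 DPT=68 LEN=308
Dec 12 06:10:44 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:aa:bb:cc:dd:ee:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.168.1.20 LEN=28 TTL=52 PROTO=UDP SPT=40000 DPT=68 LEN=8
Dec 12 06:11:02 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:aa:bb:cc:dd:ee:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.168.1.20 LEN=40 TTL=52 PROTO=TCP SPT=40001 DPT=22
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def classify(line):
    """Return (src, verdict) for a blocked packet to UDP/68, else None."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "UDP" or fields.get("DPT") != "68":
        return None
    if fields.get("SPT") != "67":
        # Not sent from the DHCP server port, so it does not look like DHCP.
        verdict = "not-dhcp-server"
    elif fields.get("DST") == "255.255.255.255":
        verdict = "dhcp-broadcast"
    else:
        verdict = "dhcp-unicast"
    return fields.get("SRC"), verdict


def summarize(log_text):
    """Count blocked UDP/68 packets per (source, verdict)."""
    hits = (classify(line) for line in log_text.splitlines())
    return Counter(hit for hit in hits if hit is not None)


if __name__ == "__main__":
    for (src, verdict), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:15s}  {verdict}")
```

Sources that only ever show up as `dhcp-broadcast` from port 67 fit the normal-DHCP reading above; `not-dhcp-server` entries are the ones worth looking at before adding a rule that stops the logging.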





