I just noticed this in my ubuntu box's dmesg:
So, those are firewall block messages and it appears to be blocks related to TCP traffic directed at port 3483 (slim discovery) coming from my SB3 (a.k.a. SBClassic).
I thought everything on 3483 was UDP only. Should we be opening our firewalls on 3483 to TCP too?
Code:
[ 3783.689658] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8486 PROTO=TCP SPT=7435 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3803.692332] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8514 PROTO=TCP SPT=7437 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3823.702774] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8542 PROTO=TCP SPT=7439 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3843.712546] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8570 PROTO=TCP SPT=7441 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3863.721763] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8598 PROTO=TCP SPT=7443 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3883.730390] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8626 PROTO=TCP SPT=7445 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3903.738515] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8654 PROTO=TCP SPT=7447 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3923.746171] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8682 PROTO=TCP SPT=7449 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3943.753794] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8710 PROTO=TCP SPT=7451 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3963.760144] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8738 PROTO=TCP SPT=7453 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 3983.766560] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8766 PROTO=TCP SPT=7455 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 4003.772615] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8794 PROTO=TCP SPT=7457 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 4023.778361] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8822 PROTO=TCP SPT=7459 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 4043.783789] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8850 PROTO=TCP SPT=7461 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 4063.789521] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8878 PROTO=TCP SPT=7463 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0 [ 4083.797773] [UFW BLOCK] IN=eth0 OUT= MAC=00:21:85:97:b6:c5:00:04:20:06:29:30:08:00 SRC=192.168.0.7 DST=192.168.0.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=8906 PROTO=TCP SPT=7465 DPT=3483 WINDOW=3000 RES=0x00 RST URGP=0
I thought everything on 3483 was UDP only. Should we be opening our firewalls on 3483 to TCP too?
Comment