[X4U] System.log Entry Question: 2140 Deny UDP ...

Doug LaBore dlabore at mn.rr.com
Sun Apr 23 07:43:32 PDT 2006


The log entries are showing that your node is broadcasting to all IP's on
your local network. All networks have a broadcast address (usually the top
address in you local network range) and this is how they talk to all nodes
on a network at once.

As for the port numbers just go to google and put in "port 2010 or 2140" and
that will tell you what your PC is trying to transmit to other PC's via the
broadcast address.

The 2140 port maybe indicating that you have a virus - here's what google
reported for this port.

advICE :Exploits :Ports :2140. Port 2140 DeepThroat. (TCP/UDP) The
DeepThroat trojan runs at this port. RATs: Deep Throat

However the ipfw ( IP firewall) is denying these ports so your firewall is
doing it's job in stopping these attempts.


Doug


On 4/21/06 4:27 PM, "Rick Gordon" <rick at rickgordon.com> wrote:

> My system.log shows hundreds of entries per day in one of the two forms shown
> below:
> 
> ipfw: 2010 Deny UDP 192.168.1.<MY_NODE>:5xxxx 192.168.1.255:137 in via lo0
> 
> OR
> 
> ipfw: 2140 Deny UDP 192.168.1.<MY_NODE>:24654 192.168.1.255:24654 in via lo0
> 
> In either case, I have eliminated the start of the strings, which show
> date/time, local computer name, and kernel[0].
> 
> What is the meaning of these entries? They seem benign enough, since they are
> all from my computers local IP number to the LAN broadcast address. There are
> occasional others -- also denied -- from various unknown addresses to my
> computer's local IP address. They are also listed with fields of 2140 Deny
> UDP, but some say "in via en0", instead of "in via lo0".







More information about the X4U mailing list