David Ljung Madison Stellar

Asked: 2016-09-30 14:07:24 +0800 CST2016-09-30 14:07:24 +0800 CST 2016-09-30 14:07:24 +0800 CST

Flooded with UDP bad checksum on port 53 (but port is closed and checksum offloaded)

I have a virtual server that I run a web server and openvpn on.

It is not running bind, and port 53 is closed.

I am recently getting flooded with errors in syslog (about 1/sec) such as:

Sep 29 15:06:59 kernel: [4579319.118505] UDP: bad checksum. From 128.47.17.191:4127 to <<my server IP>>:53 ulen 49
Sep 29 15:07:31 kernel: [4579350.981024] UDP: bad checksum. From 69.161.227.72:27788 to <<my server IP>>:53 ulen 39

I've tried checksum offloading with:

ethtool --offload eth0 rx off tx off

Finally I simply blocked all UDP traffic with iptables. I had to remove a rule that was allowing all UDP traffic, which is a bit concerning. iptables -A INPUT -p udp --dport 53 -j DROP

So that leaves two questions:

Why was I receiving these errors - was this an attack of some sort?
What UDP ports do I need to allow in my iptables to make sure my VPN and web server continue to function properly? Do I need to allow UDP port 53 to my DNS servers?

Flooded with UDP bad checksum on port 53 (but port is closed and checksum offloaded)

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?

Flooded with UDP bad checksum on port 53 (but port is closed and checksum offloaded)

0 Answers