Anyone seeing a lot of these lately?
Oct 6 04:22:20 m0n0wall.local ipmon[78]: 04:22:20.106185 vr1 @0:15 b 174.142.104.19,0 -> 66.229.212.x,0 PR tcp len 20 60 -C IN bad
Oct 6 04:23:16 m0n0wall.local ipmon[78]: 04:23:16.029171 vr1 @0:15 b 31.204.159.14,0 -> 66.229.212.x,0 PR tcp len 20 60 -ARSU IN bad
Oct 6 04:24:22 m0n0wall.local ipmon[78]: 04:24:21.290051 vr1 @0:15 b 209.59.252.42,0 -> 66.229.212.x,0 PR tcp len 20 60 -RSFUP IN bad
Oct 6 04:24:33 m0n0wall.local ipmon[78]: 04:24:32.809617 vr1 @0:15 b 108.166.117.66,0 -> 66.229.212.x,0 PR tcp len 20 60 -AFPC IN bad
Oct 6 04:28:41 m0n0wall.local ipmon[78]: 04:28:41.523818 vr1 @0:15 b 209.59.252.42,0 -> 66.229.212.x,0 PR tcp len 20 60 -AFPEC IN bad
Oct 6 04:29:14 m0n0wall.local ipmon[78]: 04:29:13.592284 vr1 @0:15 b 184.106.240.25,0 -> 66.229.212.x,0 PR tcp len 20 60 -SFUP IN bad
Oct 6 04:29:33 m0n0wall.local ipmon[78]: 04:29:33.122980 vr1 @0:15 b 95.110.202.254,0 -> 66.229.212.x,0 PR tcp len 20 60 -RSPC IN bad
Oct 6 04:30:45 m0n0wall.local ipmon[78]: 04:30:45.417878 vr1 @0:15 b 81.176.236.203,0 -> 66.229.212.x,0 PR tcp len 20 60 -UPE IN bad
Oct 6 04:31:05 m0n0wall.local ipmon[78]: 04:31:04.910133 vr1 @0:15 b 59.173.18.44,0 -> 66.229.212.x,0 PR tcp len 20 60 -ARFPC IN bad
Mentioned in here and others:
http://www.pcworld.com/article/2061080/spike-in-traffic-with-tcp-source-port-zero-has-some-researchers-worried.html
m0n0wall Forum > m0n0wall Support (English) > General Questions
Topic: Log entries - blocked TCP with source and destination port 0 (empty port in GUI)