What does it mean that most dropped packets have a different incoming and outgoing port?

Posted by Kev on Server Fault See other posts from Server Fault or by Kev
Published on 2010-03-15T16:55:03Z Indexed on 2010/03/15 17:00 UTC
Read the original article Hit count: 270

Filed under:
|
|
|
|

Over the weekend an internet-facing DI-624 router of mine was e-mailing me logs like crazy for some reason. Normally it's a few a day, but it was about one every few minutes instead. Analyzing the messages, I found that only 340 had the same src and dst port number, whereas the majority of "default deny" dropped packets (28,000+) had the two ports different. What does this mean?

© Server Fault or respective owner

Related posts about router

Related posts about analysis