Network activity through port 17500

on

ishahak asked:

I’m trying to track network activities on my machine running CentOS-7.

According to iptables logs, I’m getting many inputs from unknown machines into port 17500.

Is there any reason for attackers to access that port?

Can I safely disable it with iptables?

Thanks!

16:50:29 kernel: IN=eth0 OUT= MAC=... SRC=5.100.254.27 DST=255.255.255.255 LEN=173 TOS=0x00 PREC=0x00 TTL=128 ID=9324 PROTO=UDP SPT=17500 DPT=17500 LEN=153 
16:50:29 kernel: IN=eth0 OUT= MAC=... SRC=195.28.181.79 DST=255.255.255.255 LEN=204 TOS=0x00 PREC=0x00 TTL=128 ID=2073 PROTO=UDP SPT=17500 DPT=17500 LEN=184 
16:50:32 kernel: IN=eth0 OUT= MAC=... SRC=5.100.255.153 DST=255.255.255.255 LEN=378 TOS=0x00 PREC=0x00 TTL=128 ID=5482 PROTO=UDP SPT=17500 DPT=17500 LEN=358 
16:50:32 kernel: IN=eth0 OUT= MAC=... SRC=5.100.255.153 DST=255.255.255.255 LEN=375 TOS=0x00 PREC=0x00 TTL=128 ID=5483 PROTO=UDP SPT=17500 DPT=17500 LEN=355 
16:50:34 kernel: IN=eth0 OUT= MAC=... SRC=195.28.181.106 DST=255.255.255.255 LEN=174 TOS=0x00 PREC=0x00 TTL=128 ID=8467 PROTO=UDP SPT=17500 DPT=17500 LEN=154 
16:50:34 kernel: IN=eth0 OUT= MAC=... SRC=5.100.250.67 DST=255.255.255.255 LEN=162 TOS=0x00 PREC=0x00 TTL=128 ID=5903 PROTO=UDP SPT=17500 DPT=17500 LEN=142 
16:50:36 kernel: IN=eth0 OUT= MAC=... SRC=185.241.6.152 DST=255.255.255.255 LEN=366 TOS=0x00 PREC=0x00 TTL=128 ID=14192 PROTO=UDP SPT=17500 DPT=17500 LEN=346 
16:50:36 kernel: IN=eth0 OUT= MAC=... SRC=185.241.6.152 DST=255.255.255.255 LEN=378 TOS=0x00 PREC=0x00 TTL=128 ID=14193 PROTO=UDP SPT=17500 DPT=17500 LEN=358 
16:50:46 kernel: IN=eth0 OUT= MAC=... SRC=5.100.253.17 DST=255.255.255.255 LEN=172 TOS=0x00 PREC=0x00 TTL=128 ID=10333 PROTO=UDP SPT=17500 DPT=17500 LEN=152 
16:50:46 kernel: IN=eth0 OUT= MAC=... SRC=212.199.177.237 DST=255.255.255.255 LEN=410 TOS=0x00 PREC=0x00 TTL=128 ID=6963 PROTO=UDP SPT=17500 DPT=17500 LEN=390 
16:50:46 kernel: IN=eth0 OUT= MAC=... SRC=212.199.177.237 DST=255.255.255.255 LEN=418 TOS=0x00 PREC=0x00 TTL=128 ID=6965 PROTO=UDP SPT=17500 DPT=17500 LEN=398 
16:50:46 kernel: IN=eth0 OUT= MAC=... SRC=212.199.177.237 DST=255.255.255.255 LEN=408 TOS=0x00 PREC=0x00 TTL=128 ID=6967 PROTO=UDP SPT=17500 DPT=17500 LEN=388 
16:50:46 kernel: IN=eth0 OUT= MAC=... SRC=212.199.177.237 DST=255.255.255.255 LEN=417 TOS=0x00 PREC=0x00 TTL=128 ID=6969 PROTO=UDP SPT=17500 DPT=17500 LEN=397 
16:50:51 kernel: IN=eth0 OUT= MAC=... SRC=185.106.128.105 DST=255.255.255.255 LEN=161 TOS=0x00 PREC=0x00 TTL=128 ID=13709 PROTO=UDP SPT=17500 DPT=17500 LEN=141 
16:50:52 kernel: IN=eth0 OUT= MAC=... SRC=194.36.90.146 DST=255.255.255.255 LEN=366 TOS=0x00 PREC=0x00 TTL=128 ID=21383 PROTO=UDP SPT=17500 DPT=17500 LEN=346 
16:50:52 kernel: IN=eth0 OUT= MAC=... SRC=194.36.90.146 DST=255.255.255.255 LEN=378 TOS=0x00 PREC=0x00 TTL=128 ID=21384 PROTO=UDP SPT=17500 DPT=17500 LEN=358 
16:50:53 kernel: IN=eth0 OUT= MAC=... SRC=185.241.6.127 DST=255.255.255.255 LEN=161 TOS=0x00 PREC=0x00 TTL=128 ID=8621 PROTO=UDP SPT=17500 DPT=17500 LEN=141

My answer:

Your server is hosted at a provider, where other customers of that server who are on the same LAN are running Dropbox. Its LAN Sync feature broadcasts on UDP port 17500. If you don’t also have Dropbox running, you can ignore this traffic.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Related Post

How to send request to proxy pass url based on server name in nginx?

Which Red Hat / CentOS updates should be applied and on what schedule?

VoIP and NAT (and blocked ports)

HTTP status code to signal bad or missing Host header

How can I log a linux command's process tree?

custom 502 error page for nginx with unicorn not working, driving me insane ;)