UDP Bogus Hlen

**BENCHMARKMAN** · 03-10-2008

In the /var/log/message log I am seeing UDP packets dropped because of bogus hlen. What exactly does this mean and is there a way to see what packets are being dropped and where the source was?

**anomie** · 03-10-2008

define: hlen - Google Search

Can you post the exact message? You may or may not be able to identify the real source (can be spoofed).

**BENCHMARKMAN** · 03-10-2008

Originally Posted by anomie

define: hlen - Google Search

Can you post the exact message? You may or may not be able to identify the real source (can be spoofed).

I believe the exact message is what I wrote along with a size which ranges from 35xxx to 65xxx. If I understand the google define correctly there is a bad source or destination address? How could this be possible?

**anomie** · 03-10-2008

Can you not copy/paste from the log?

It's possible it is a crafted packet (i.e. someone trying to do something nasty).

**BENCHMARKMAN** · 03-10-2008

No, I can't copy and paste the log but tomorrow I will post one of the exact messages. It's not somebody purposly trying to do something nasty becaue its a closed lan.

BTW how would you "craft" a packet?

Thread Tools

Display

UDP Bogus Hlen

Posting Permissions