Having just started using m0nowall in production, I am not used to it's logging yet. Here are two
entries that I am not used to seeing:
Jun 8 00:12:24 linuxgw ipmon: 00:12:23.747547 ng0 @0:15 b 220.127.116.11 -> 18.104.22.168 PR udp
len 20 (792) (frag 5152:772@1480) IN
Jun 8 00:12:24 linuxgw ipmon: 00:12:23.759113 ng0 @0:15 b 22.214.171.124 -> 126.96.36.199 PR udp
len 20 (792) (frag 5153:772@1480) IN
Are these because they are fragments? 188.8.131.52 seems to be a legit server run by ARIN, so I
would doubt it would be doing things that are malicious in nature. I just don't have a good
understanding of these yet.
Any background info would be nice.