Having just started using m0nowall in production, I am not used to it's logging yet. Here are two
entries that I am not used to seeing:
Jun 8 00:12:24 linuxgw ipmon: 00:12:23.747547 ng0 @0:15 b 126.96.36.199 -> 188.8.131.52 PR udp
len 20 (792) (frag 5152:772@1480) IN
Jun 8 00:12:24 linuxgw ipmon: 00:12:23.759113 ng0 @0:15 b 184.108.40.206 -> 220.127.116.11 PR udp
len 20 (792) (frag 5153:772@1480) IN
Are these because they are fragments? 18.104.22.168 seems to be a legit server run by ARIN, so I
would doubt it would be doing things that are malicious in nature. I just don't have a good
understanding of these yet.
Any background info would be nice.