A few odd outbound packets
From: frankB (frankB@nospam.net)Date: 03/30/02
- Next message: Luke Vogel: "Re: A general question about ports"
- Previous message: Pierre Asselin: "Re: Unassigned ports"
- Next in thread: frankB: "Re: A few odd outbound packets"
- Reply: frankB: "Re: A few odd outbound packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: frankB <frankB@nospam.net> Date: Sat, 30 Mar 2002 04:55:38 GMT
Every now and then I get a couple of strange outbound packets that are
caught by IPTABLES - I only allow a few specific ports open for outbound
and all inbound is only on established connections (machine is also behind
a router).
Mar 29 18:25:59 localhost kernel: IPTABLES TCP-OUT: IN= OUT=eth0
SRC=192.168.1.250 DST=64.12.168.202 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=6144 PROTO=TCP SPT=33483 DPT=44483 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 29 18:26:39 localhost kernel: IPTABLES TCP-OUT: IN= OUT=eth0
SRC=192.168.1.250 DST=64.12.168.202 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=6144 PROTO=TCP SPT=33485
I don't see any pattern that relates to apps I'm running. Mostly it's just
mail, web, news. I had a couple of these packets about a week ago, but
nothing for the last few days. I read 1 post that suggested this could be
a rootkit. I just ran chkrootkit 0.35, and everything came up negative.
Any suggestions? Thanks.
- Next message: Luke Vogel: "Re: A general question about ports"
- Previous message: Pierre Asselin: "Re: Unassigned ports"
- Next in thread: frankB: "Re: A few odd outbound packets"
- Reply: frankB: "Re: A few odd outbound packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
