Re: Firewall hits from websites
From: Jason Kirk (usenet@captain.custard.org)
Date: 03/17/03
- Previous message: Thomas Gagné: "Re: I am root and can not delete a file?"
- In reply to: Jem Berkes: "Re: Firewall hits from websites"
- Next in thread: Robert Tinsley: "Re: Firewall hits from websites"
- Reply: Robert Tinsley: "Re: Firewall hits from websites"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jason Kirk <usenet@captain.custard.org> Date: Mon, 17 Mar 2003 10:51:10 -0600
Jem Berkes wrote:
>>The odd thing is that these hits originate
>>from a website that I happen to be reading at the time. Normally only
>>appear once from that site and not on subsquent (or indeed previous)
>>visits. Is this normal behaviour or is there something more complex
>>going on.
>
>
> With state based firewalls (like netfilter/iptables on 2.4) what can happen
> is that when packets arrive later than expected from a remote site, the OS
> no longer recognizes the packets as related to any connection and logs
> them.
>
> I see this frequently on my mail server. There are lots of packets from
> hotmail servers shown in my logs, probably because the sites are sluggish
> and netfilter is logging packets that arrive late from the site.
>
I would have thought that a late packet would have been expected on the standard
port 80 where as these hits seem to be coming from port 33270.
-Jason
- Previous message: Thomas Gagné: "Re: I am root and can not delete a file?"
- In reply to: Jem Berkes: "Re: Firewall hits from websites"
- Next in thread: Robert Tinsley: "Re: Firewall hits from websites"
- Reply: Robert Tinsley: "Re: Firewall hits from websites"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
