strange outgoing smpppd SYN packets
From: EricT (ericteuber_at_web.de)
Date: 11/22/05
- Next message: Grant: "Re: strange outgoing smpppd SYN packets"
- Previous message: Grant: "Re: firewall blockage of spam/banner ads?"
- Next in thread: Grant: "Re: strange outgoing smpppd SYN packets"
- Reply: Grant: "Re: strange outgoing smpppd SYN packets"
- Reply: EricT: "Re: strange outgoing smpppd SYN packets"
- Reply: Moe Trin: "Re: strange outgoing smpppd SYN packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Nov 2005 22:16:15 +0100
Hi all,
my firewall blocks and logs strange TCP SYN packets to an IP belonging
to a host within the range of my ISP:
Nov 22 21:45:45 fw kernel: TCP-DROP: IN= OUT=eth0 SRC=80.xxx.xxx.xxx
DST=80.xxx.xxx.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4295 DF PROTO=TCP
SPT=61513 DPT=3185 WINDOW=5840 RES=0x00 SYN URGP=0
Sorry for hiding them, but they are permanent.
The destination port actually is a smppd deamon. I am wondering what
could cause this? It appeared the first time 2 days ago. It is strange,
because the firewall didn't log anything like that before.
after tracerouting the destination IP i only get one hop, which is
10.219.192.1 belongigng to IANA (corresponding to the whois db).
Also i find the following "strange" entry in the routing cache:
Source Destination Gateway Flags Metric Ref Use
Iface
10.219.192.1 255.255.255.255 255.255.255.255 bl 0 0 5 lo
What does the flag bl mean? Can anyone give me a hint?
Thanks and greetz,
Eric
- Next message: Grant: "Re: strange outgoing smpppd SYN packets"
- Previous message: Grant: "Re: firewall blockage of spam/banner ads?"
- Next in thread: Grant: "Re: strange outgoing smpppd SYN packets"
- Reply: Grant: "Re: strange outgoing smpppd SYN packets"
- Reply: EricT: "Re: strange outgoing smpppd SYN packets"
- Reply: Moe Trin: "Re: strange outgoing smpppd SYN packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
