Re: Possible firewall problem?

From: Kerodo (kerodonospamkenny_at_hotmail.com)
Date: 08/29/04 

Date: Sun, 29 Aug 2004 13:06:11 -0700

In article <0js3j0dvt89g3ve534j33c0n76oeaabpci@4ax.com>,
badnews@hansenonline.net says...
> On Sat, 28 Aug 2004 22:21:09 -0700, Kerodo spoketh
>
> >I'm noticing an occasional entry in my firewall logs and I'm not sure if
> >it's a problem or not. I'm seeing a 40 byte TCP packet going outbound
> >from my local port 25 to a remote port (seems to change, but last one
> >was 4043). The remote IP address doesn't look familiar. Seems to be
> >just a random address somewhere. In the info column of the logs, it
> >just says TCP flags: RST ACK.
> >
> >Could this indicate that packets are somehow getting thru the firewall
> >and my system is responding with an outbound packet like this?
> >
> >The firewall is blocking the outbound packet. I'm just wondering what
> >is causing it in the first place..
>
> What you are seeing are a proper response to an inbound connection from
> port 4032 on a remote system to your local port 25. The response RST ACK
> simply means "we're closed, go away". So, it's not a connection
> initiated from your computer, it's a response to an external connection
> attempt.

Ok, thanks Lars.. But doesn't it mean then that a packet is getting
thru the firewall rules somehow and getting in? What I'm concerned
about is that there is a "hole" in the firewall.. 

-- 
Kerodo

Relevant Pages

  • Re: Possible firewall problem?
    ... >>I'm noticing an occasional entry in my firewall logs and I'm not sure if ... >>Could this indicate that packets are somehow getting thru the firewall ... >>The firewall is blocking the outbound packet. ... The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. ...
    (comp.security.firewalls)
  • Re: Possible firewall problem?
    ... > I'm noticing an occasional entry in my firewall logs and I'm not sure if ... I'm seeing a 40 byte TCP packet going outbound ... > Could this indicate that packets are somehow getting thru the firewall ... > The firewall is blocking the outbound packet. ...
    (comp.security.firewalls)
  • Re: Possible firewall problem?
    ... >> I'm noticing an occasional entry in my firewall logs and I'm not sure if ... >> Could this indicate that packets are somehow getting thru the firewall ... >> The firewall is blocking the outbound packet. ... new Win2k install, ...
    (comp.security.firewalls)
  • Re: Anonymiser vs Firewall
    ... >>>reason to have a firewall is for outbound packet filtering to A) Detect ... Realplayer phone home is not detected by a personal firewall after allowing ... Malware calling its own DLLs using user.exe is not detected, ... Malware clicking on the "Ok, always" button of the personal firewall dialog, ...
    (comp.security.firewalls)
  • Re: firewall
    ... the XP Firewall does in fact do SOME outbound packet checking and will not ... the XP internal firewall is great. ... I've been very happy with Symantec's Norton ...
    (microsoft.public.windowsxp.security_admin)