[expert] SPT=80 messages

David Relson Sun, 28 Jul 2002 08:02:23 -0700

While looking at yesterday's events in /var/log/messages, I noticed a lot 
of iptables messages for TCP:80 (http).  Three ip address accounted for the 
majority of the messages.  One of the addresses, 63.209.80.235, happens to 
be from mandrake.com
.  Going to http://www.mandrake.com this morning, I saw several more of 
these messages generated.   Can someone explain why mandrake's website is 
sending packets to me from TCP:80?


Thanks.

David


### Here's a typical message:

Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=... DST=... LEN=104 TOS=0x00 PREC=0x00 TTL=54 ID=55176 DF 
PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK PSH URGP=0

### Here are the name records for 63.209.80.235:

[root] #host 63.209.80.235
235.80.209.63.in-addr.arpa is an alias for 235.224-255.80.209.63.in-addr.arpa.
235.224-255.80.209.63.in-addr.arpa domain name pointer linux-mandrake.com.
235.224-255.80.209.63.in-addr.arpa domain name pointer mandrake.com.

### Here are some of the messages referencing 63.209.80.235:

Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=63.209.80.235 DST=... LEN=104 TOS=0x00 PREC=0x00 TTL=54 
ID=55176 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK PSH URGP=0
Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=63.209.80.235 DST=... LEN=1362 TOS=0x00 PREC=0x00 TTL=54 
ID=55175 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK PSH URGP=0
Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=63.209.80.235 DST=... LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=55174 
DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK URGP=0
Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=63.209.80.235 DST=... LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=55177 
DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK FIN URGP=0
Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=63.209.80.235 DST=... LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=55188 
DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK URGP=0
Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=63.209.80.235 DST=... LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=55155 
DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK SYN URGP=0
Jul 27 09:23:55 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= 
MAC=... SRC=63.209.80.235 DST=... LEN=1362 TOS=0x00 PREC=0x00 TTL=54 
ID=55539 DF PROTO=TCP SPT=80 DPT=2738 WINDOW=31728 RES=0x00 ACK PSH URGP=0

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[expert] SPT=80 messages

Reply via email to