While looking at yesterday's events in /var/log/messages, I noticed a lot of iptables messages for TCP:80 (http). Three ip address accounted for the majority of the messages. One of the addresses, 63.209.80.235, happens to be from mandrake.com . Going to http://www.mandrake.com this morning, I saw several more of these messages generated. Can someone explain why mandrake's website is sending packets to me from TCP:80?
Thanks. David ### Here's a typical message: Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=... DST=... LEN=104 TOS=0x00 PREC=0x00 TTL=54 ID=55176 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK PSH URGP=0 ### Here are the name records for 63.209.80.235: [root] #host 63.209.80.235 235.80.209.63.in-addr.arpa is an alias for 235.224-255.80.209.63.in-addr.arpa. 235.224-255.80.209.63.in-addr.arpa domain name pointer linux-mandrake.com. 235.224-255.80.209.63.in-addr.arpa domain name pointer mandrake.com. ### Here are some of the messages referencing 63.209.80.235: Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=63.209.80.235 DST=... LEN=104 TOS=0x00 PREC=0x00 TTL=54 ID=55176 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK PSH URGP=0 Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=63.209.80.235 DST=... LEN=1362 TOS=0x00 PREC=0x00 TTL=54 ID=55175 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK PSH URGP=0 Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=63.209.80.235 DST=... LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=55174 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK URGP=0 Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=63.209.80.235 DST=... LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=55177 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK FIN URGP=0 Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=63.209.80.235 DST=... LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=55188 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK URGP=0 Jul 27 09:23:53 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=63.209.80.235 DST=... LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=55155 DF PROTO=TCP SPT=80 DPT=2736 WINDOW=31728 RES=0x00 ACK SYN URGP=0 Jul 27 09:23:55 nic kernel: netmasq: fwall_eth1: accept: IN=eth1 OUT= MAC=... SRC=63.209.80.235 DST=... LEN=1362 TOS=0x00 PREC=0x00 TTL=54 ID=55539 DF PROTO=TCP SPT=80 DPT=2738 WINDOW=31728 RES=0x00 ACK PSH URGP=0
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com