Hi All,

I keep getting connection attempts on TCP port 21 from this particular IP address. I'm pretty sure this is someone trying to connect to an FTP server on my network. Incidentally, there are no FTP servers on my LAN.
The packets come in a fixed pattern, four over a period of about 30 seconds, then about five minutes later, a similar packet but without the SYN flag set appears, like this:

Jan 17 07:38:28 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=33343 F=0x0000 T=110 SYN (#73)
Jan 17 07:38:31 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35647 F=0x0000 T=110 SYN (#73)
Jan 17 07:38:37 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35903 F=0x0000 T=110 SYN (#73)
Jan 17 07:38:49 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=38719 F=0x0000 T=110 SYN (#73)
Jan 17 07:43:51 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=43 S=0x00 I=0 F=0x0000 T=14 (#73)

What might be the significance of there being no SYN flag on the last packet?

I did a few whois lookups etc. and found the email address of a technical contact at the ISP responsible for 202.64.203.30, but it occurred to me that this address might be spoofed. What do you think? What action would you take?

thanks
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
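Added example, not part of the original post: a Python parser for the ipchains "Packet log" lines quoted above that groups packets by flow and reports the gaps between packets, the SYN flag and the TTL of each. The sample lines are copied from the post with the wrapped source address rejoined; the year 2000 is a placeholder because syslog does not record one, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the post above (wrapped source address rejoined).
LOG = """\
Jan 17 07:38:28 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=33343 F=0x0000 T=110 SYN (#73)
Jan 17 07:38:31 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35647 F=0x0000 T=110 SYN (#73)
Jan 17 07:38:37 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35903 F=0x0000 T=110 SYN (#73)
Jan 17 07:38:49 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=38719 F=0x0000 T=110 SYN (#73)
Jan 17 07:43:51 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=43 S=0x00 I=0 F=0x0000 T=14 (#73)
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=\S+ I=(?P<id>\d+) F=\S+ T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)$"
)

def parse(line):
    """Return one log line as a dict, or None if it is not a packet log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    # Placeholder year: syslog timestamps carry none.
    d["ts"] = datetime.strptime("2000 " + d["ts"], "%Y %b %d %H:%M:%S")
    d["syn"] = d["syn"] is not None
    d["ttl"] = int(d["ttl"])
    return d

def summarize(lines):
    """Group packets by (src, sport, dst, dport) and describe each flow."""
    flows = defaultdict(list)
    for p in filter(None, map(parse, lines)):
        flows[(p["src"], p["sport"], p["dst"], p["dport"])].append(p)
    out = {}
    for flow, pkts in flows.items():
        pkts.sort(key=lambda p: p["ts"])
        pairs = list(zip(pkts, pkts[1:]))
        gaps = [int((b["ts"] - a["ts"]).total_seconds()) for a, b in pairs]
        # Gaps between consecutive SYNs only; doubling is retransmit back-off.
        sg = [g for g, (a, b) in zip(gaps, pairs) if a["syn"] and b["syn"]]
        out[flow] = {"gaps": gaps, "syn": [p["syn"] for p in pkts],
                     "ttl": [p["ttl"] for p in pkts],
                     "syn_backoff": len(sg) >= 2 and all(y == 2 * x for x, y in zip(sg, sg[1:]))}
    return out
```

On the lines above, the four SYNs share one source port and arrive 3, 6 and 12 seconds apart, the doubling interval of a single client retransmitting an unanswered SYN. The final packet differs from them in both the missing SYN flag and the TTL (14 against 110).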
