Hi all,

In the last few weeks I discovered some unknown traffic on my firewall.
I inserted a rule to log all traffic on the input and output chains and found that the
incoming packet is neither rejected nor denied, but answered by the firewall.
I am using a stock eigerstein2beta firewall with no port redirection and no additional
ports opened.

What I don't understand is why the packets are not denied and who is responding to these
packets.

If you need additional information, please ask for it.

Log Entries:

Aug 18 13:24:08 tunix kernel: Packet log: input - ppp0 PROTO=6 213.168.220.62:2605 80.134.34.59:1214 L=48 S=0x00 I=29010 F=0x4000 T=114 SYN (#1)
Aug 18 13:24:08 tunix kernel: Packet log: output - ppp0 PROTO=6 80.134.34.59:1214 213.168.220.62:2605 L=40 S=0x00 I=14602 F=0x0000 T=255 (#1)
Aug 18 13:24:09 tunix kernel: Packet log: input - ppp0 PROTO=6 213.168.220.62:2605 80.134.34.59:1214 L=48 S=0x00 I=33106 F=0x4000 T=114 SYN (#1)
Aug 18 13:24:09 tunix kernel: Packet log: output - ppp0 PROTO=6 80.134.34.59:1214 213.168.220.62:2605 L=40 S=0x00 I=14603 F=0x0000 T=255 (#1)
Aug 18 13:24:10 tunix kernel: Packet log: input - ppp0 PROTO=6 213.168.220.62:2605 80.134.34.59:1214 L=48 S=0x00 I=35666 F=0x4000 T=114 SYN (#1)
Aug 18 13:24:10 tunix kernel: Packet log: output - ppp0 PROTO=6 80.134.34.59:1214 213.168.220.62:2605 L=40 S=0x00 I=14604 F=0x0000 T=255 (#1)
Aug 18 13:24:11 tunix kernel: Packet log: input - ppp0 PROTO=6 213.168.220.62:2605 80.134.34.59:1214 L=48 S=0x00 I=38482 F=0x4000 T=114 SYN (#1)
Aug 18 13:24:11 tunix kernel: Packet log: output - ppp0 PROTO=6 80.134.34.59:1214 213.168.220.62:2605 L=40 S=0x00 I=14605 F=0x0000 T=255 (#1)


tcpdump:

13:24:08.722724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:08.722724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 229201905 win 0
13:24:09.752724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:09.752724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
13:24:10.452724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:10.452724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
13:24:11.352724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:11.352724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0

-- 
Manfred Schuler
E_Mail: mailto:[EMAIL PROTECTED]


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
