Port 1214 is used by the file-sharing application Kazaa. Recently a vulnerability must have come up because I have been seeing regular scans on a daily basis from different IPs for about a month now.
As David already replied, you are not accepting nor denying them but you are rejecting them. Only difference is that you do reply with a reset packet to close off the session. Well, I guess you could say it is slightly more polite than not responding at all :-). Unfortunately it is also telling that your machine is up & is doing some filtering, so you could consider it slightly less secure as well.

Kim Oppalfens

>> What I don't understand is why the packets are not denied and who is responding to
>> these packets.
>
>> tcpdump:
>>
>> 13:24:08.722724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
>> 13:24:08.722724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 229201905 win 0
>> 13:24:09.752724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
>> 13:24:09.752724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
>> 13:24:10.452724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
>> 13:24:10.452724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
>> 13:24:11.352724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
>> 13:24:11.352724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
>
>Looking at your output, they are sending you some sort of packet destined for
>port 1214 on your firewall (80.134.34.59) and your firewall IS rejecting it,
>using the TCP RST flag (ReSeT). Your firewall can send a RST, or ignore the
>packet entirely; in this case, it sends a RST.
>
>I don't know what port 1214 is supposed to be for, but port 2605 is BGP (a routing
>protocol) - surprise surprise...

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
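Added example, not part of the original thread: a small Python parser for the old-style tcpdump lines quoted above that pairs each inbound SYN with the firewall's answer and reports whether the port was rejected (RST sent back) or dropped (no reply seen). The function name `classify` and the 192.0.2.10 probe lines are assumptions constructed for contrast; the other sample lines are re-joined from the quoted capture.

```python
import re
from collections import Counter

# Old-style tcpdump TCP line: "time src.port > dst.port: FLAGS ..."
LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>[SFPRWE.]+) "
)

# First four lines are from the capture quoted in the thread (re-joined);
# the 192.0.2.10 lines are constructed to show a silently dropped probe.
SAMPLE = """\
13:24:08.722724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:08.722724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 229201905 win 0
13:24:09.752724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:09.752724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
13:30:00.000000 192.0.2.10.40000 > 80.134.34.59.9999: S 1000:1000(0) win 8192 (DF)
13:30:03.000000 192.0.2.10.40000 > 80.134.34.59.9999: S 1000:1000(0) win 8192 (DF)
"""

def classify(capture, local_ip):
    """Map (remote_ip, local_port) -> (verdict, syn_count) for inbound SYNs.

    verdict: 'reject' (we answered RST), 'accept' (we answered SYN),
    'drop' (no answer seen in the capture).
    """
    syns, answers = Counter(), {}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected format
        flags = m["flags"]
        if m["dst"] == local_ip and "S" in flags:
            syns[(m["src"], int(m["dport"]))] += 1
        elif m["src"] == local_ip and ("R" in flags or "S" in flags):
            key = (m["dst"], int(m["sport"]))
            answers[key] = "reject" if "R" in flags else "accept"
    return {k: (answers.get(k, "drop"), n) for k, n in syns.items()}

if __name__ == "__main__":
    for (remote, port), (verdict, n) in classify(SAMPLE, "80.134.34.59").items():
        print(f"{remote} -> port {port}: {n} SYN(s), {verdict}")
```

A 'reject' verdict is the behaviour discussed in the thread: the RST confirms to the sender that the host is up, whereas a 'drop' leaves the probe unanswered.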
