That makes sense.  I'll try it out.

Thanks,
Drew

--- Bob Glover <[EMAIL PROTECTED]> wrote:
> Drew,
> 
> I've seen this before.  The fault here is probably a web site designed
> by someone who didn't realize that many people are behind some kind of
> firewall.  It looks to me like you were browsing from a MASQ'ed box (as
> evidenced by the high source port numbers: 63508, etc.), when you hit a
> website that contained URLs (in their HTML) that look something like
> this:
> 
> http://blah.blah.blah.net/special-stuff/blah/blah:81
> 
> The :81 part being the kicker.  It could also be a Java program or
> something that uses port 81.  In any case, you should be able to
> duplicate the problem by visiting the site again.  I have to say that
> you'll probably see more of this.  I've seen port 79, 81, and 82.  I
> guess they think they're being creative or something.
> 
> It's a good idea to block outgoing ports that are commonly used for
> attacks.  That way if you browse a disreputable (or cracked) web site,
> and they have something evil in them like:
> http://microshaft.com:31337, then you don't end up looking like you're
> up to something.
> Some HTML-based chat forums may allow port numbers in URLs posted by
> "chatters" too.
> 
> - Bob Glover
> 
> From: "Drew Hunt" <[EMAIL PROTECTED]>
> > I found these logs blocking outgoing packets.  Whois tells me this IP
> > belongs to RackSpace in San Antonio, TX.  What's weird is that I woke up at
> > midnight to find my Windoze computer, that had been turned off for the
> > night, on and waiting for my password.  Would the Wake-On-LAN feature be
> > causing this?  And what is this port 81?
> 
> > Logs follow:
> 
> > Feb  1 21:29:21 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63508 207.71.8.87:81 L=48 S=0x00 I=24399 F=0x4000 T=127 SYN (#50)
> > Feb  1 21:29:21 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63509 207.71.8.87:81 L=48 S=0x00 I=24655 F=0x4000 T=127 SYN (#50)
> > Feb  1 21:29:23 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63520 207.246.138.125:81 L=48 S=0x00 I=37967 F=0x4000 T=127 SYN (#50)
> > Feb  1 21:29:24 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63508 207.71.8.87:81 L=48 S=0x00 I=43855 F=0x4000 T=127 SYN (#50)
> > Feb  1 21:29:24 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63509 207.71.8.87:81 L=48 S=0x00 I=44111 F=0x4000 T=127 SYN (#50)
> > Feb  1 21:29:26 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63520 207.246.138.125:81 L=48 S=0x00 I=64847 F=0x4000 T=127 SYN (#50)
> > Feb  1 21:29:30 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63508 207.71.8.87:81 L=48 S=0x00 I=18512 F=0x4000 T=127 SYN (#50)
> > Feb  1 21:29:30 tenchi kernel: Packet log: output REJECT eth0 PROTO=6
> [snip]
> > 
> > Any feedback appreciated.
> > 
> > Thanks,
> > Drew
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list


=====
--------
[EMAIL PROTECTED]
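
Added example, not part of the original thread: a small Python parser for the ipchains "Packet log" lines quoted above that groups the rejected outbound SYNs by destination and port, showing that the seven complete entries are only three connection attempts plus TCP retransmissions. The function names are hypothetical, and the masquerading port range (61000-65095, the default in 2.2 kernels) is an assumption not stated in the thread.

```python
import re
from collections import Counter

# Layout of a Linux 2.2 ipchains "Packet log" line, matching the logs quoted in the thread.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
# Assumption: default masquerading source-port range of 2.2 kernels (61000-65095).
MASQ_PORTS = range(61000, 65096)

# The seven complete entries from the quoted log; the truncated eighth entry is left out.
SAMPLE = """\
Feb  1 21:29:21 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63508 207.71.8.87:81 L=48 S=0x00 I=24399 F=0x4000 T=127 SYN (#50)
Feb  1 21:29:21 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63509 207.71.8.87:81 L=48 S=0x00 I=24655 F=0x4000 T=127 SYN (#50)
Feb  1 21:29:23 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63520 207.246.138.125:81 L=48 S=0x00 I=37967 F=0x4000 T=127 SYN (#50)
Feb  1 21:29:24 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63508 207.71.8.87:81 L=48 S=0x00 I=43855 F=0x4000 T=127 SYN (#50)
Feb  1 21:29:24 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63509 207.71.8.87:81 L=48 S=0x00 I=44111 F=0x4000 T=127 SYN (#50)
Feb  1 21:29:26 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63520 207.246.138.125:81 L=48 S=0x00 I=64847 F=0x4000 T=127 SYN (#50)
Feb  1 21:29:30 tenchi kernel: Packet log: output REJECT eth0 PROTO=6 24.221.123.186:63508 207.71.8.87:81 L=48 S=0x00 I=18512 F=0x4000 T=127 SYN (#50)
"""

def parse(line):
    """Return the fields of one packet-log line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["syn"] = rec["syn"] is not None
    rec["masq"] = rec["sport"] in MASQ_PORTS  # source port rewritten by masquerading?
    return rec

def summarize(text):
    """Per (dst, dport): logged SYNs and distinct source ports (one per real connection)."""
    attempts, sports = Counter(), {}
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["chain"] == "output" and rec["syn"]:
            key = (rec["dst"], rec["dport"])
            attempts[key] += 1
            sports.setdefault(key, set()).add(rec["sport"])
    return {k: {"attempts": n, "connections": len(sports[k])} for k, n in attempts.items()}

if __name__ == "__main__":
    for (dst, port), stats in summarize(SAMPLE).items():
        print(f"{dst}:{port} {stats}")
```

Where "attempts" exceeds "connections", the extra entries are the same SYN being retried from the same source port after the firewall rejected it.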
