On Wed, Jan 01, 2020 at 05:27:22PM +0000, David Watkins wrote: > Interesting that port 37970 is trending. My Googling failed to find that > out so thanks for that pointer.
I don't know why people put up 65k (static?) webpages that have nothing but template content and never any useful information...I'm guessing you found those. I'm avoiding quoting their language or linking to them here since I think the already get enough attention from google (not on their merits). > Interesting comment about the TCP Flags also. I didn't really know they > existed. I'll do some research on those and see if I can learn anything. > There are no TCP packets in the log to port 37970 but there are similar TCP > packets aimed at other ports. I've attached a very small snippet of the > 'messages' log. Does that show the Flags? > Dec 29 05:01:56 piccolo kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= > MAC=00:60:81:3a:06:73:9c:80:df:47:1a:26:08:00 SRC=220.121.97.43 > DST=192.168.1.1 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=7849 PROTO=TCP SPT=59466 > DPT=8933 WINDOW=1024 RES=0x00 SYN URGP=0 Show SYN packets (connection attempt), as you'd expect for a dropped packet. -- Justin Pryzby System Administrator Telsasoft +1-952-707-8581 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
