From: Chris Brenton <cbrenton@chrisbrenton.org>
To: Ian Hunter <ihunter@hunterweb.net>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: Weird TCP flags?
Date: Fri, 12 Dec 2003 08:13:43 -0500 [thread overview]
Message-ID: <1071234823.2020.8.camel@grendel> (raw)
In-Reply-To: <003101c3c065$f61ad790$13fea8c0@melita.com>
On Thu, 2003-12-11 at 23:11, Ian Hunter wrote:
>
> Dec 11 22:58:52 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0
> SRC=192.168.254.242 DST=204.157.6.223 LEN=60 TOS=0x00 PREC=0x00 TTL=63
> ID=56169 DF PROTO=TCP SPT=80 DPT=56319 WINDOW=32476 RES=0x00 ACK SYN URGP=0
My "guess" is, you are receiving a SYN packet from 204.157.6.223. This
creates a state table entry with with a 60 second timer. Your system is
taking longer than 60 seconds to respond, so iptables is removing the
state table entry. Your system then responds causing the log entry shown
above.
HTH,
C
next prev parent reply other threads:[~2003-12-12 13:13 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-12 4:11 Weird TCP flags? Ian Hunter
2003-12-12 4:46 ` Jeffrey Laramie
2003-12-12 4:52 ` Ian Hunter
2003-12-12 5:20 ` Jeffrey Laramie
2003-12-12 4:51 ` Jeffrey Laramie
[not found] ` <200312120105.01557.Alistair Tonner <>
2003-12-12 12:26 ` John A. Sullivan III
2003-12-12 13:14 ` Ian Hunter
2003-12-12 13:32 ` John A. Sullivan III
2003-12-12 13:59 ` Antony Stone
2003-12-12 14:50 ` John A. Sullivan III
2003-12-12 14:37 ` Antony Stone
2003-12-12 16:37 ` Ian Hunter
2003-12-12 13:13 ` Chris Brenton [this message]
2003-12-12 13:26 ` Ian Hunter
2003-12-12 14:05 ` Jeffrey Laramie
2003-12-12 13:57 ` Antony Stone
2003-12-12 14:21 ` John A. Sullivan III
2003-12-12 14:26 ` Ralf Spenneberg
2003-12-12 14:41 ` Jeffrey Laramie
2003-12-12 14:38 ` Antony Stone
2003-12-12 16:05 ` Jeffrey Laramie
2003-12-12 17:41 ` Chris Brenton
2003-12-12 21:21 ` Antony Stone
2003-12-13 14:00 ` Akos Szalkai
2003-12-13 14:41 ` Antony Stone
2003-12-13 14:50 ` Antony Stone
2003-12-13 14:57 ` Akos Szalkai
2003-12-13 14:53 ` Akos Szalkai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1071234823.2020.8.camel@grendel \
--to=cbrenton@chrisbrenton.org \
--cc=ihunter@hunterweb.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.