From: AJ Weber <aweber@comcast.net>
To: netfilter@vger.kernel.org
Subject: Re: do not understand these logged iptables packets
Date: Tue, 09 Oct 2012 09:03:00 -0400
Message-ID: <50742084.7080802@comcast.net>
In-Reply-To: <5073A4E5.10406@comcast.net>
> Sorry, I'm a bit of a novice with understanding the iptables logged
> output. I'm obviously rejecting some packets that don't appear to be
> generated by my server, yet they seem to indicate that they were
> generated by my server? I can not identify any process/daemon of mine
> that should be generating any of these entries.
>
> Do they look "familiar" to anyone? Are there any tools recommended to
> better determine what rule they're triggering or something?
>
> Thanks in advance,
> AJ
>
> Oct 8 22:22:41 servername kernel: [TCP reject] IN= OUT=eth0
> SRC=74.x.x.x DST=54.248.104.161 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
> DF PROTO=TCP SPT=80 DPT=50740 WINDOW=5 RES=0x00 ACK SYN URGP=0
> Oct 8 22:52:20 servername kernel: [TCP reject] IN= OUT=eth0
> SRC=74.x.x.x DST=1.34.22.39 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
> PROTO=TCP SPT=1080 DPT=6000 WINDOW=5 RES=0x00 ACK SYN URGP=0
> Oct 8 22:57:35 servername kernel: [TCP reject] IN= OUT=eth0
> SRC=74.x.x.x DST=61.160.195.24 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
> DF PROTO=TCP SPT=1433 DPT=6000 WINDOW=5 RES=0x00 ACK SYN URGP=0
> Oct 8 23:06:34 servername kernel: [TCP reject] IN= OUT=eth0
> SRC=74.x.x.x DST=218.201.121.99 LEN=40 TOS=0x00 PREC=0x40 TTL=64 ID=0
> DF PROTO=TCP SPT=8080 DPT=3955 WINDOW=5 RES=0x00 ACK SYN URGP=0
> Oct 8 23:11:23 servername kernel: [TCP reject] IN= OUT=eth0
> SRC=74.x.x.x DST=58.218.199.227 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
> DF PROTO=TCP SPT=9000 DPT=12200 WINDOW=5 RES=0x00 ACK SYN URGP=0
> Oct 8 23:11:23 servername kernel: [TCP reject] IN= OUT=eth0
> SRC=74.x.x.x DST=58.218.199.227 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
> DF PROTO=TCP SPT=2479 DPT=12200 WINDOW=5 RES=0x00 ACK SYN URGP=0
> Oct 8 23:11:23 servername kernel: [TCP reject] IN= OUT=eth0
> SRC=74.x.x.x DST=58.218.199.227 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
> DF PROTO=TCP SPT=8118 DPT=12200 WINDOW=5 RES=0x00 ACK SYN URGP=0
>
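
An added example, not part of the original message: a small parser for the kernel LOG format quoted above that rejoins mail-wrapped entries and counts them by log prefix, origin, TCP flags and local port. The bracketed text is the `--log-prefix` string of the LOG rule that matched, and an empty `IN=` with `OUT=` set marks a packet generated on the host itself. The sample entries and their addresses are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format quoted above (documentation-range
# addresses, not the ones from the message); entries are mail-wrapped.
SAMPLE = """\
Oct 8 22:22:41 servername kernel: [TCP reject] IN= OUT=eth0
SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=TCP SPT=80 DPT=50740 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 22:52:20 servername kernel: [TCP reject] IN= OUT=eth0
SRC=192.0.2.10 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=TCP SPT=1080 DPT=6000 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 23:01:02 servername kernel: [TCP reject] IN=eth0 OUT=
SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4711
DF PROTO=TCP SPT=40000 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
"""

START = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+kernel:\s")
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def unwrap(text):
    """Rejoin entries wrapped across lines, dropping any '> ' quoting."""
    entries = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()
        if not line:
            continue
        if START.match(line) or not entries:
            entries.append(line)          # a new syslog entry begins here
        else:
            entries[-1] += " " + line     # continuation of the previous one
    return entries

def parse(entry):
    """Split one entry into log prefix, KEY=VALUE fields and TCP flags."""
    body = START.sub("", entry)
    m = re.match(r"(.*?)\s*\bIN=", body)
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", body))
    flags = "+".join(sorted(t for t in body.split() if t in TCP_FLAGS))
    origin = "local" if fields.get("IN") == "" else "received"
    return (m.group(1) if m else ""), fields, flags, origin

def summarize(text):
    """Count entries by (log prefix, origin, flags, port on the local side)."""
    counts = Counter()
    for prefix, fields, flags, origin in map(parse, unwrap(text)):
        port = fields["SPT"] if origin == "local" else fields["DPT"]
        counts[(prefix, origin, flags, int(port))] += 1
    return counts
```

Entries that come out as `local` with `ACK+SYN` are the second step of a TCP handshake being sent from the listed source port, which narrows the search to whatever inbound SYN each one answers.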