From: "Alexis" <alexis@tpys.com.ar>
To: netfilter@lists.netfilter.org
Subject: RE: smtp
Date: Fri, 14 May 2004 17:22:59 -0300 [thread overview]
Message-ID: <E1BOjFD-0000es-LE@vishnu.netfilter.org> (raw)
In-Reply-To: <BAY15-F33V6uPDVniSn0005fa4b@hotmail.com>
Yes its, all tcpdump logged packets are all with the SYN flag on (and DF
too)
It means that all packets that you are looking at, are the host trying to
reach a destination that it can not connect, so it tries, and tries and
tries again.
It means that the path to the "way out" is blocked.
-----Mensaje original-----
De: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] En nombre de azeem ahmad
Enviado el: Viernes, 14 de Mayo de 2004 17:12
Para: netfilter@lists.netfilter.org
Asunto: Re: smtp
thanks a lot for solving this problem
but here just tell me one thing more that how u said that i m safe. is there
tcpdump output telling something. if yes then how u judge it.
Regards
Azeem
>From: Gavin Hamill <gdh@acentral.co.uk>
>To: netfilter@lists.netfilter.org
>Subject: Re: smtp
>Date: Fri, 14 May 2004 20:47:23 +0100
>
>On Friday 14 May 2004 19:54, azeem ahmad wrote:
> > hi
> > here is the out put even after blocking all smtp
> >
>-----------------------------------------------------------------------
>----
> >------------------------------------------------------
> >21:17:31.259275
> > 192.168.0.101.4730 > 207.24.89.66.smtp: S
> > 556950735:556950735(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
>
>Notice how all of these are your infected PC trying to talk to the
>outside world, and that there are no packets from the outside world to
>the infected PC? This will be due to your iptables commands blocking
>this from happening..
>and given that the snapshot took place over 4 seconds, I would say
>you're quite safe :)
>
>Yes, the infected PC will continue to spew out packets until it's
>fixed, but there is no danger, and your Internet bandwidth will no
>longer be affected.
>
>Cheers,
>Gavin.
>
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
next prev parent reply other threads:[~2004-05-14 20:22 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-14 20:11 smtp azeem ahmad
2004-05-14 20:22 ` Alexis [this message]
2004-05-14 20:26 ` smtp Gavin Hamill
-- strict thread matches above, loose matches on Subject: below --
2004-05-14 18:54 smtp azeem ahmad
2004-05-14 19:47 ` smtp Gavin Hamill
2004-05-14 15:41 smtp azeem ahmad
2004-05-14 15:53 ` smtp Gavin Hamill
2004-05-14 13:19 smtp azeem ahmad
2004-05-14 13:40 ` smtp Gavin Hamill
2004-05-14 12:07 smtp azeem ahmad
2004-05-14 12:28 ` smtp Gavin Hamill
2004-05-14 11:17 smtp azeem ahmad
2004-05-14 11:37 ` smtp Gavin Hamill
2004-05-14 12:46 ` smtp Antony Stone
2003-01-21 15:24 SMTP Steffen Bisgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1BOjFD-0000es-LE@vishnu.netfilter.org \
--to=alexis@tpys.com.ar \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.