* Strange outgoing packet ...
@ 2004-01-16 9:15 Rakotomandimby Mihamina
2004-01-16 15:09 ` Unknown, Alistair Tonner
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Rakotomandimby Mihamina @ 2004-01-16 9:15 UTC (permalink / raw)
To: netfilter
Hi all,

I'm running 2.4.24 and iptables 1.2.9 on Slackware.

I made these rules on my single box connected to the internet via the ppp0
interface (I only show OUTPUT related entries):

iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#To allow me surfing :
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
# My ISP DNS :
iptables -A OUTPUT -d 193.252.19.4 -p ALL -j ACCEPT ;
iptables -A OUTPUT -d 193.252.19.3 -p ALL -j ACCEPT ;
iptables -A OUTPUT -d 80.10.246.1 -p ALL -j ACCEPT
iptables -A OUTPUT -d 80.10.246.132 -p ALL -j ACCEPT
#Logging everything else :
iptables -A OUTPUT -j LOG --log-level info --log-prefix "dropped_output_: "

and I get many lines like this in my log file:

Jan 16 06:54:40 milina kernel: dropped_output_: IN= OUT=ppp0 SRC=81.248.95.208
DST=81.56.193.129 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
SPT=39332 DPT=113 WINDOW=18276 RES=0x00 SYN URGP=0

What would this stuff on port 113 be?

Though when I sleep (I kill X by switching to runlevel 3, so there is
neither "messenger" nor any stuff that should be connected but my web server
and FTP server...), it logs that.

Would you help me?

--
Rakotomandimby Mihamina Andrianifaharana
Tel : +33 2 38 76 43 65
http://stko.dyndns.info/site_principal/Members/mihamina

* Re: Strange outgoing packet ...
From: Unknown, Alistair Tonner @ 2004-01-16 15:09 UTC (permalink / raw)
To: Rakotomandimby Mihamina, netfilter
On January 16, 2004 04:15 am, Rakotomandimby Mihamina wrote:
> Hi all,
> I'm running 2.4.24 and iptables 1.2.9 on Slackware.
>
> I made these rules on my single box connected to the internet via the ppp0
> interface (I only show OUTPUT related entries):
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o lo -j ACCEPT
> iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> #To allow me surfing :
> iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
> # My ISP DNS :
> iptables -A OUTPUT -d 193.252.19.4 -p ALL -j ACCEPT ;
> iptables -A OUTPUT -d 193.252.19.3 -p ALL -j ACCEPT ;
> iptables -A OUTPUT -d 80.10.246.1 -p ALL -j ACCEPT
> iptables -A OUTPUT -d 80.10.246.132 -p ALL -j ACCEPT
> #Logging everything else :
> iptables -A OUTPUT -j LOG --log-level info --log-prefix "dropped_output_: "
>
> and I get many lines like this in my log file:
>
> Jan 16 06:54:40 milina kernel: dropped_output_: IN= OUT=ppp0
> SRC=81.248.95.208 DST=81.56.193.129 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0
> DF PROTO=TCP SPT=39332 DPT=113 WINDOW=18276 RES=0x00 SYN URGP=0
>
> What would this stuff on port 113 be?
>
That would be Identd -- it's your FTP server trying to get ident
info from connecting clients. You can turn this off in *some* FTP
configs.

Alistair

> Though when I sleep (I kill X by switching to runlevel 3, so there is
> neither "messenger" nor any stuff that should be connected but my web
> server and FTP server...), it logs that.
>
> Would you help me?

* Re: Strange outgoing packet ...
From: Bob Weber @ 2004-01-16 15:35 UTC (permalink / raw)
To: netfilter
On 01/16/04, Rakotomandimby Mihamina wrote:
> Hi all,
> I'm running 2.4.24 and iptables 1.2.9 on Slackware.
> and I get many lines like this in my log file:
>
> Jan 16 06:54:40 milina kernel: dropped_output_: IN= OUT=ppp0 SRC=81.248.95.208
> DST=81.56.193.129 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
> SPT=39332 DPT=113 WINDOW=18276 RES=0x00 SYN URGP=0
>
> What would this stuff on port 113 be?

Port 113 is the auth port. Mail servers will attempt to connect to this
port to determine if you are at the IP address your name resolves to. If
your mail server has to wait for this connection to time out, POP3 and SMTP
connections will be slow.

Bob
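
Added example, not part of the original thread: a small parser for the `dropped_output_: ` LOG entries discussed above. It rejoins entries wrapped the way the one in the mail is, then counts drops per protocol and destination port and lists the peers of new outbound ident (TCP 113) attempts so they can be matched against clients of the local FTP server. The function names are hypothetical; only the first sample entry comes from the thread, the other two are constructed with documentation addresses.

```python
import re
from collections import Counter
# Constructed sample: entry 1 is the one quoted in the thread, 2 and 3 are made up.
SAMPLE_LOG = """\
Jan 16 06:54:40 milina kernel: dropped_output_: IN= OUT=ppp0 SRC=81.248.95.208
DST=81.56.193.129 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
SPT=39332 DPT=113 WINDOW=18276 RES=0x00 SYN URGP=0
Jan 16 06:55:02 milina kernel: dropped_output_: IN= OUT=ppp0 SRC=81.248.95.208 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=39340 DPT=113 WINDOW=18276 RES=0x00 SYN URGP=0
Jan 16 06:55:09 milina kernel: dropped_output_: IN= OUT=ppp0 SRC=81.248.95.208 DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
PREFIX = "dropped_output_: "  # --log-prefix from the LOG rule in the thread
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def unwrap(text):
    """Rejoin entries that a mail client or pager wrapped over several lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse(entry):
    """Return the LOG fields as a dict, or None if the prefix is absent."""
    _, sep, body = entry.partition(PREFIX)
    if not sep:
        return None
    rec = {"flags": set()}
    for tok in body.split():
        key, eq, val = tok.partition("=")
        if eq:
            rec.setdefault(key, val)  # first LEN is the IP length, keep it
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
    return rec

def summarize(text):
    """Count drops per (proto, dport) and per peer of new ident connections."""
    by_port, ident_peers = Counter(), Counter()
    for rec in filter(None, map(parse, unwrap(text))):
        by_port[(rec.get("PROTO"), rec.get("DPT"))] += 1
        if (rec.get("PROTO"), rec.get("DPT")) == ("TCP", "113") and rec["flags"] == {"SYN"}:
            ident_peers[rec["DST"]] += 1
    return by_port, dict(ident_peers)

if __name__ == "__main__": print(summarize(SAMPLE_LOG))
```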