Linux Netfilter discussions
* strange log entries concerning mail server
@ 2003-02-13 17:03 Kurt Tragant
  0 siblings, 0 replies; 3+ messages in thread
From: Kurt Tragant @ 2003-02-13 17:03 UTC (permalink / raw)
  To: netfilter


Hello list,

I have some strange entries in my firewall log concerning our mail server. Every
day there are numerous entries with packets coming from source ports 850-910 to
a very high destination port. You can see an excerpt below. x.y.z.[0-9]* is the
host outside, a.b.c.d is our mail server (to protect the innocent ;-)).

Feb 13 08:29:26 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=143 TOS=0x00 PREC=0x00 TTL=55 ID=8196 DF PROTO=TCP SPT=859 DPT=56926 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0
Feb 13 13:32:36 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=45926 DF PROTO=TCP SPT=902 DPT=57334 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0
Feb 13 13:32:45 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=45951 DF PROTO=TCP SPT=902 DPT=57334 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0

For an answer I thank you in advance.

Regards
Kurt Tragant



^ permalink raw reply	[flat|nested] 3+ messages in thread
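
An added example, not part of the original post or of netfilter: a small Python parser for the LOG lines quoted in the message above. It groups the entries by flow and marks flows whose logged packets never carried SYN, which is the pattern in the excerpt. The function names and the `mid_stream` label are this example's own; the input is the excerpt itself, one entry per line.

```python
import re
from collections import defaultdict

# The three entries from the post above, one per line (addresses are the poster's placeholders).
SAMPLE = """\
Feb 13 08:29:26 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=143 TOS=0x00 PREC=0x00 TTL=55 ID=8196 DF PROTO=TCP SPT=859 DPT=56926 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0
Feb 13 13:32:36 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=45926 DF PROTO=TCP SPT=902 DPT=57334 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0
Feb 13 13:32:45 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=45951 DF PROTO=TCP SPT=902 DPT=57334 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0
"""

# TCP flag names as the LOG target prints them (bare tokens, no "=").
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Split one netfilter LOG line into key=value fields plus the set of TCP flags."""
    _, sep, body = line.partition("kernel: ")
    if not sep:
        return None  # not a kernel log line
    tokens = body.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    fields["FLAGS"] = frozenset(t for t in tokens if t in TCP_FLAGS)
    return fields


def summarize(text):
    """Group logged TCP packets by (SRC, SPT, DST, DPT) and note flows with no SYN."""
    flows = defaultdict(lambda: {"count": 0, "flags": set(), "ids": []})
    for line in text.splitlines():
        f = parse_line(line)
        if not f or f.get("PROTO") != "TCP":
            continue
        flow = flows[(f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]))]
        flow["count"] += 1
        flow["flags"] |= f["FLAGS"]
        flow["ids"].append(int(f["ID"]))  # differing IP IDs = separate packets
    # mid_stream: none of the logged packets for this flow was connection-opening
    return {k: {**v, "mid_stream": "SYN" not in v["flags"]} for k, v in flows.items()}


if __name__ == "__main__":
    for (src, spt, dst, dpt), info in summarize(SAMPLE).items():
        print(f"{src}:{spt} -> {dst}:{dpt} packets={info['count']} "
              f"flags={'/'.join(sorted(info['flags']))} mid_stream={info['mid_stream']}")
```
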

* Re: strange log entries concerning mail server
       [not found] <20030213171002.5495.70915.Mailman@kashyyyk>
@ 2003-02-15 22:05 ` Willi Mann
  0 siblings, 0 replies; 3+ messages in thread
From: Willi Mann @ 2003-02-15 22:05 UTC (permalink / raw)
  To: netfilter, k.tragant

Look at

http://www.iptables.org/documentation/tutorials/blueflux/iptables-tutorial.html#NEWNOTSYN
(The paragraph with "..bad Microsoft TCP/IP implementations.." )

This *could* be the problem as long as your machine makes outgoing 
sessions to these ports.

I have similar problems with an HTTP proxy.

Willi Mann




^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: strange log entries concerning mail server
@ 2003-02-17 11:20 Kurt Tragant
  0 siblings, 0 replies; 3+ messages in thread
From: Kurt Tragant @ 2003-02-17 11:20 UTC (permalink / raw)
  To: netfilter


Hi Willi,

thanks for your answer.

> Look at
>
> http://www.iptables.org/documentation/tutorials/blueflux/iptables-tutorial.html#NEWNOTSYN
> (The paragraph with "..bad Microsoft TCP/IP implementations.." )
> This *could* be the problem as long as your machine makes outgoing
> sessions to these ports

The mail server doesn't make outgoing connections to these ports (I think I
should have noticed it, because I have a DROP policy). Additionally, as I
understand the part of the netfilter manual you cited, only Microsoft products
have these problems. My mail server is qmail on Linux 2.4.20. Maybe there are
some other ideas? I would be thankful...

Regards
Kurt Tragant



^ permalink raw reply	[flat|nested] 3+ messages in thread
