[ale] Iptables: Packets from port 80 to unestablished ports
Kevin Krumwiede
kjkrum at comcast.net
Tue Jul 29 20:51:54 EDT 2003
On Sat, 19 Jul 2003 11:47:01 -0400
Mike Millson <mmillson at meritonlinesystems.com> wrote:
> I have noticed a number of packets that my iptables firewall is dropping
> from port 80 because they are unrelated to an established connection.
>
> For example:
>
> 07/19-08:52:53 kernel: ?INPUT:IN=ppp0 OUT= MAC= SRC=208.217.109.66
> DST=68.157.175.145 LEN=1452 TOS=0x00 PREC=0x00 TTL=50 ID=60713 DF
> PROTO=TCP SPT=80 DPT=35552 WINDOW=9648 RES=0x00 ACK URGP=0
>
> This is a legitimate site that I was visiting, so I revisited the site
> and logged all packets. It appears that several times per visit the web
> server sends one of these ACK packets to a port that has not previously
> been used in the conversation.
I've always seen this in my logs. CNN's site is (or was) one that does this. No idea why.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list