== Yet Another FireWall Question. I'm doing really well here so I'm going to the well one more time :-)
My new iptables firewall is up and seems to be running ok. I have a few bounced packets that I don't understand and I was wondering if someone might explain them to me. (I'm Mr. 146.115.228.77) Here are the example packets from my syslog:

Feb 25 21:20:20 saturn kernel: TCP drop IN=eth0 OUT= MAC=00:e0:81:05:43:80:00:30:19:31:73:a8:08:00 SRC=205.156.51.200 DST=146.115.228.77 LEN=52 TOS=0x10 PREC=0x00 TTL=46 ID=32315 PROTO=TCP SPT=21 DPT=35312 WINDOW=65500 RES=0x00 ACK RST URGP=0

Feb 25 21:53:44 saturn kernel: TCP drop IN=eth0 OUT= MAC=00:e0:81:05:43:80:00:30:19:31:73:a8:08:00 SRC=207.171.169.19 DST=146.115.228.77 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=59014 DF PROTO=TCP SPT=80 DPT=1269 WINDOW=8760 RES=0x00 ACK RST URGP=0

In the first case I have the Bad Guy's (BG) packet originating from his ftp server port. In the second case I have BG's packet originating from his http server port. Is this a case of clearly forged packets or is there any possible legitimate way that this can happen?

TIA

--
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question?
[EMAIL PROTECTED]
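Added example, not part of the original post: a Python parser for the two kernel log entries quoted above that splits each netfilter LOG line into fields and reports the TCP flags and port direction. The function names and the below-1024 port heuristic are assumptions made for this illustration.

```python
import re

# The two syslog entries quoted in the post, copied verbatim.
SAMPLE_LOG = """\
Feb 25 21:20:20 saturn kernel: TCP drop IN=eth0 OUT= MAC=00:e0:81:05:43:80:00:30:19:31:73:a8:08:00 SRC=205.156.51.200 DST=146.115.228.77 LEN=52 TOS=0x10 PREC=0x00 TTL=46 ID=32315 PROTO=TCP SPT=21 DPT=35312 WINDOW=65500 RES=0x00 ACK RST URGP=0
Feb 25 21:53:44 saturn kernel: TCP drop IN=eth0 OUT= MAC=00:e0:81:05:43:80:00:30:19:31:73:a8:08:00 SRC=207.171.169.19 DST=146.115.228.77 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=59014 DF PROTO=TCP SPT=80 DPT=1269 WINDOW=8760 RES=0x00 ACK RST URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}
# timestamp, host, "kernel:", the rule's log prefix, then the tokens from IN= on
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\skernel:\s"
    r"(?P<prefix>.*?)\s*(?=IN=)(?P<body>.*)$"
)

def parse_line(line):
    """Split one netfilter LOG line into a dict; return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"],
           "flags": set(), "DF": False}
    for tok in m["body"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in TCP_FLAGS:
            rec["flags"].add(tok)
        elif tok == "DF":
            rec["DF"] = True
    return rec

def summarize(rec):
    """Report what the header fields alone say about a logged TCP packet."""
    spt, dpt = int(rec["SPT"]), int(rec["DPT"])
    return {
        "src": rec["SRC"],
        "ports": (spt, dpt),
        "flags": sorted(rec["flags"]),
        # A SYN without ACK is the segment that opens a TCP connection.
        "opens_connection": "SYN" in rec["flags"] and "ACK" not in rec["flags"],
        # Assumption: source port < 1024 and destination port >= 1024 is
        # treated as the server-to-client direction of a connection.
        "server_to_client": spt < 1024 <= dpt,
    }

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(summarize(rec))
```

Both entries parse as ACK RST segments in the server-to-client direction, so neither one is an attempt to open a connection to 146.115.228.77.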
