On Tuesday 16 March 2004 11:40 am, debw wrote:
> Hi,
>
> After some recent maintenance work on our Bering 1.2 box, shorewall.log
> has begun showing strange connection attempts from local addresses
> in the network range 10.1.1.x to our ISP allocated IP address.

Those are not connection attempts -- they are TCP packets with the RST flag set. Furthermore, since the source port is 80 there is a good chance that some host behind your firewall is initiating the TCP connection to port 80. I'm guessing that some remote gateway is broken such that it is performing DNAT on a connection request then subsequently rejecting the request without restoring the original source address. That's only a guess though -- you would have to capture the entire connection sequence to verify that.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
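An added example, not part of the original thread: a small Python classifier over netfilter LOG lines (the format Shorewall writes) that separates RST packets sourced from port 80 with an RFC 1918 source address from genuine SYN connection attempts. The log lines, the host name `fw`, the interface `eth0` and the addresses 203.0.113.7 (standing in for the ISP-allocated address) and 198.51.100.23 are constructed; only the 10.1.1.x range comes from the thread.

```python
import ipaddress
import re

# Constructed sample lines in netfilter LOG format (not taken from the thread).
SAMPLE_LOG = """\
Mar 16 11:31:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=10.1.1.5 DST=203.0.113.7 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=34512 WINDOW=0 RES=0x00 RST URGP=0
Mar 16 11:31:09 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=10.1.1.9 DST=203.0.113.7 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=34519 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar 16 11:32:40 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.7 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=4711 DF PROTO=TCP SPT=4021 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Split a LOG line into KEY=value fields and the bare TCP flag tokens."""
    body = line.split("kernel:", 1)[-1]
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", body))
    flags = {tok for tok in body.split() if tok in TCP_FLAGS}
    return fields, flags


def classify(line):
    """Label one logged packet by what its TCP flags say it is."""
    fields, flags = parse_line(line)
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    if "RST" in flags:
        src = ipaddress.ip_address(fields["SRC"])
        # A reset from port 80 is an answer to a connection that some
        # client opened towards a web server, not a new inbound connection.
        if fields.get("SPT") == "80" and any(src in n for n in RFC1918):
            return "rst-from-port-80-rfc1918-src"
        return "rst"
    if "SYN" in flags and "ACK" not in flags:
        return "syn-connection-attempt"
    return "other-tcp"


def summarize(log_text):
    """Return (source address, label) for every packet line in the log."""
    return [(parse_line(l)[0].get("SRC"), classify(l))
            for l in log_text.splitlines() if "PROTO=" in l]


if __name__ == "__main__":
    for src, label in summarize(SAMPLE_LOG):
        print(f"{src:15} {label}")
```

Entries labelled `rst-from-port-80-rfc1918-src` match the pattern described in the reply; as the reply says, confirming the cause still requires capturing the entire connection sequence.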