Ramin Alidousti wrote:
> Do you only get FIN packets? What about DPT (33151), is it the
> port you send your original email to hotmail?
>
> Ramin

They're all FIN packets, yes. The DPT is random per offense (i.e. for every group of 10 or whatever I get from hotmail the DPT is always the same, but it never coincides with previous or future offenses). Again, these come from IP addresses that are NOT found in my smtp logs. The smtp server (unless I'm really confused about postfix) should be sending out via port 25 I would think... it's just running on a standard port with the basic configuration.

I've included some more examples in case it helps. The last example I believe is from an attempt to send to several hotmail accounts.

Original example:

> May 15 17:21:13 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=11945 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:21:21 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=11946 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:21:38 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=42543 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:22:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=42544 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:23:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=5521 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:24:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=65521 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:25:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=59985 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:26:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=54449 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
> May 15 17:27:12 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=48913 DF PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0

Example 2:

May 11 00:16:56 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=8416 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:17:13 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=45813 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:17:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=45814 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:18:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=8881 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:19:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=3345 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:20:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=63345 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:21:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=57809 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:22:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=52273 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:23:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=46737 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 00:24:47 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.83 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=41201 DF PROTO=TCP SPT=25 DPT=32955 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0

Example 3:

May 11 08:47:23 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=18613 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:23 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=34557 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:27 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.55.144 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=244 ID=47768 DF PROTO=TCP SPT=25 DPT=32979 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:31 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=18614 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:31 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=34558 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:36 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.55.144 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=244 ID=47769 DF PROTO=TCP SPT=25 DPT=32979 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:48 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=49131 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:48 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=65055 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:47:53 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.55.144 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=244 ID=17389 DF PROTO=TCP SPT=25 DPT=32979 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:48:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=65056 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:48:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=49132 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:48:26 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.55.144 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=244 ID=17390 DF PROTO=TCP SPT=25 DPT=32979 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:49:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=27793 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:49:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=11939 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:50:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=22257 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:50:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=6403 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:51:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=16721 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:51:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=867 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:51:48 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.55.144 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=244 ID=56471 DF PROTO=TCP SPT=25 DPT=32979 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:52:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=11185 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:52:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=60867 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:53:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=5649 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:53:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=55331 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:54:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=113 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:54:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=49795 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:55:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.214 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=60113 DF PROTO=TCP SPT=25 DPT=32980 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
May 11 08:55:22 nigel kernel: IN=eth0 OUT= MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.140 DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID=44259 DF PROTO=TCP SPT=25 DPT=32978 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0

--
Travis
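
One way to triage firewall entries like the ones in this message, added here as an example and not part of the original post: it parses the netfilter LOG format shown above, groups entries by source address and port pair, and reports the flag sets seen and the gaps between repeats. The function names and the "gaps never shrink" heuristic are assumptions of the example; the six sample lines are the first six entries of the "Original example" in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Six entries of the post's "Original example", rebuilt from a template.
TEMPLATE = ("May 15 {t} nigel kernel: IN=eth0 OUT= "
            "MAC=00:50:ba:c1:e1:c0:00:10:67:00:2b:06:08:00 SRC=64.4.49.145 "
            "DST=xxx.xxx.xxx.xx LEN=82 TOS=0x00 PREC=0x00 TTL=243 ID={i} DF "
            "PROTO=TCP SPT=25 DPT=33151 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0")
SAMPLE = [TEMPLATE.format(t=t, i=i) for t, i in [
    ("17:21:13", 11945), ("17:21:21", 11946), ("17:21:38", 42543),
    ("17:22:12", 42544), ("17:23:12", 5521), ("17:24:12", 65521)]]

KV = re.compile(r"(\w+)=(\S*)")
FLAGS = ("SYN", "ACK", "PSH", "FIN", "RST", "URG")

def parse(line):
    """Split one netfilter LOG line into timestamp, key=value fields, TCP flags."""
    # Syslog stamps carry no year; 2000 is a placeholder so strptime is unambiguous.
    ts = datetime.strptime("2000 " + line[:15], "%Y %b %d %H:%M:%S")
    fields = dict(KV.findall(line))
    tokens = line.split("RES=", 1)[-1].split()  # flags are bare words after RES=
    return ts, fields, tuple(f for f in FLAGS if f in tokens)

def flows(lines):
    """Group by (SRC, SPT, DPT); report the flag sets seen and gaps in seconds."""
    seen = defaultdict(list)
    for line in lines:
        ts, f, flags = parse(line)
        seen[(f["SRC"], int(f["SPT"]), int(f["DPT"]))].append((ts, flags))
    out = {}
    for key, entries in seen.items():
        times = sorted(t for t, _ in entries)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out[key] = {"flags": {fl for _, fl in entries}, "gaps": gaps}
    return out

def looks_like_retransmission(flow):
    """Heuristic (an assumption of this example): one flag set, gaps never shrink."""
    g = flow["gaps"]
    return (len(flow["flags"]) == 1 and len(g) >= 3
            and all(a <= b for a, b in zip(g, g[1:])))

if __name__ == "__main__":
    for key, flow in flows(SAMPLE).items():
        print(key, sorted(flow["flags"]), flow["gaps"],
              "retransmission-like" if looks_like_retransmission(flow) else "other")
```

On the sample, the single flow from 64.4.49.145 port 25 to port 33151 shows gaps of 8, 17, 34, 60 and 60 seconds with the same ACK PSH FIN flags each time, the spacing a TCP peer produces when it keeps retransmitting a segment that is never acknowledged.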