On Thu, May 16, 2002 at 08:18:50AM -0700, Travis Ogdon wrote: > Ramin Alidousti wrote: > > > Do you only get FIN packets? What about DPT (33151), is it the > > port you send your original email to hotmail? > > > > Ramin > > They're all FIN packets, yes. The DPT is random per offense (ie. for every > group of 10 or whatever I get from hotmail the DPT is always the same, but > it never coincides with previous or future offenses). Again, these come from > IP addresses that are NOT found in my smtp logs. The smtp server (unless I'm > really confused about postfix) should be sending out via port 25 I would > think... it's just running on a standard port with the basic configuration.
It would not surprise me if these IP's are running some M$ OS and as usual the IP stack is broken and they spew out INVALID packets. I've seen similar FIN flooding while accessing M$ based web servers. Just ignore them. Ramin
