I seem to have picked up a bug, but am unable to trace it. Lots of these:
[55415.513723] Shorewall:fw2net:DROP:IN= OUT=wlan0 SRC=192.168.1.1 DST=97.107.134.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=TCP SPT=55445 DPT=3333 WINDOW=14600 RES=0x00 SYN URGP=0
[55420.348527] Shorewall:fw2net:DROP:IN= OUT=wlan0 SRC=192.168.1.1 DST=97.107.134.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27353 DF PROTO=TCP SPT=55447 DPT=3333 WINDOW=14600 RES=0x00 SYN URGP=0

My shorewall is very tight, only allowing the absolute minimum in/out. This destination IP traces to some guy's home internet account in Chicago. (I'm in Shoreline, WA.) No idea who he is or what this is about, but it started yesterday.

It's possible that this is to do with one of the many Konqueror browser windows I have open and might be innocuous, but it does look suspicious.

I ran nmap on this guy's IP and he has port 80 open (minimal Apache setup), SSH, 3000, and 3333. I tried to run openvas, but it's currently busted.

I ran netcat to watch for this port, but it was blind when the next wave came, I suspect because it listens for the source port rather than the destination. Same with Wireshark, which I also had listening. Now I have Wireshark listening for the destination IP, but nothing yet. So far, Shorewall has been the only thing that's seen these transactions.

My systems are very tight and are behind three wireless routers in series. The only way I can think of that I may have caught anything is through Konqueror, or email; I always run Konqi as user and I'm careful with kmail, opening emails as text and not opening suspicious attachments.

Anyone have any idea what's going on here?

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
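
Added example, not part of the original post: the post reports that the Shorewall log is the only place these packets were seen, so this Python sketch triages from that log, grouping dropped packets that originate on the firewall host itself (empty IN=) by destination, protocol and port. The function names are this example's own; the sample input is the two log lines quoted in the post.

```python
import re
from collections import defaultdict

# The two log lines quoted in the post, embedded so the example runs offline.
SAMPLE_LOG = """\
[55415.513723] Shorewall:fw2net:DROP:IN= OUT=wlan0 SRC=192.168.1.1 DST=97.107.134.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28176 DF PROTO=TCP SPT=55445 DPT=3333 WINDOW=14600 RES=0x00 SYN URGP=0
[55420.348527] Shorewall:fw2net:DROP:IN= OUT=wlan0 SRC=192.168.1.1 DST=97.107.134.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27353 DF PROTO=TCP SPT=55447 DPT=3333 WINDOW=14600 RES=0x00 SYN URGP=0
"""

# "[uptime] Shorewall:<chain>:<disposition>:<netfilter KEY=value fields>"
PREFIX = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")

def parse_line(line):
    """Return a dict for one Shorewall kernel log line, or None if it is not one."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "chain": m["chain"], "disp": m["disp"], "flags": set()}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val          # KEY=value fields; IN= carries an empty value
        else:
            rec["flags"].add(tok)   # bare tokens such as DF, SYN, ACK
    return rec

def summarize_outbound_drops(text):
    """Group dropped, locally generated packets by (DST, PROTO, DPT)."""
    groups = defaultdict(
        lambda: {"count": 0, "syn": 0, "src_ports": [], "first": None, "last": None})
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["disp"] != "DROP" or rec.get("IN") != "":
            continue                # keep only drops with an empty IN= (host-originated)
        g = groups[(rec.get("DST"), rec.get("PROTO"), rec.get("DPT"))]
        g["count"] += 1
        g["syn"] += "SYN" in rec["flags"]
        if "SPT" in rec:            # ICMP and similar lines carry no ports
            g["src_ports"].append(int(rec["SPT"]))
        g["first"] = rec["ts"] if g["first"] is None else g["first"]
        g["last"] = rec["ts"]
    return dict(groups)

if __name__ == "__main__":
    for (dst, proto, dpt), g in summarize_outbound_drops(SAMPLE_LOG).items():
        print(f"{dst} {proto}/{dpt}: {g['count']} drops, {g['syn']} SYN, "
              f"source ports {g['src_ports']}, {g['last'] - g['first']:.1f}s span")
```

Run over a full kernel log, the same grouping shows whether the drops go to one destination and port or to several, and how the retries are spaced.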
