I spotted this trapped packet in my logs: Oct 8 02:06:23 gw kernel: FIREWALL FWD pkt dropped:IN=eth2 OUT=ppp0 SRC=192.168.254.17 DST=133.9.187.227 LEN= 60 TOS=0x00 PREC=0x00 TTL=63 ID=2631 DF PROTO=TCP SPT=2548 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Why would my externally publicly accessible web/mail server be trying to establish an http connection to a site somewhere at waseda.ac.jp? As far as I am concerned this box should be trying to establish any outgoing http connections and especially to that site. There is nothing in any of the cron files at this time and the process table doesn't show anything odd running. (Thinks - check ps) -- Howard. LANNet Computing Associates - Your Linux people Contact detail at http://www.lannetlinux.com "Flatter government, not fatter government." - me Get rid of the Australian states. ------------------------------------------ If electricity comes from electrons, does morality come from morons? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
