[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Iptables: Packets from port 80 to unestablished ports

Subject: [ale] Iptables: Packets from port 80 to unestablished ports
From: kjkrum at comcast.net (Kevin Krumwiede)
Date: Tue, 29 Jul 2003 19:51:54 -0500

On Sat, 19 Jul 2003 11:47:01 -0400
Mike Millson <mmillson at meritonlinesystems.com> wrote:

> I have noticed a number of packets that my iptables firewall is dropping
> from port 80 because they are unrelated to an established connection. 
> 
> For example:
> 
> 07/19-08:52:53 kernel: ?INPUT:IN=ppp0 OUT= MAC= SRC=208.217.109.66
> DST=68.157.175.145 LEN=1452 TOS=0x00 PREC=0x00 TTL=50 ID=60713 DF
> PROTO=TCP SPT=80 DPT=35552 WINDOW=9648 RES=0x00 ACK URGP=0 
> 
> This is a legitimate site that I was visiting, so I revisited the site
> and logged all packets. It appears that several times per visit the web
> server sends one of these ACK packets to a port that has not previously
> been used in the conversation.

I've always seen this in my logs.  CNN's site is (or was) one that does this.  No idea why.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

Prev by Date: [ale] jpeg -> windows xp icon?
Next by Date: [ale] Star vs Open Office
Previous by thread: [ale] Iptables: Packets from port 80 to unestablished ports
Next by thread: [ale] Iptables: Packets from port 80 to unestablished ports
Index(es):
- Date
- Thread