Blocked port 25 activity

This is an updated F-10 desktop computer. My ISP is a satellite service, wildblue.net, which quit providing mail servers and switched to Gmail about a year ago.

Recently I have been observing a continuous stream of blocked port 25 connections from this box 192.168.1.9 in the Firestarter log. The normal SMTP port is 465. They appear to be directed at a Google name server, although /etc/resolv.conf shows:

   [bobg@box9 ~]$ cat /etc/resolv.conf
   nameserver 208.67.220.220
   nameserver 208.67.222.222
   # nameserver 12/189.32.61

And I see the following logged:

/var/log/messages

Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0


Whois shows:

NetRange:   209.85.128.0 - 209.85.255.255
CIDR:       209.85.128.0/17
NetName:    GOOGLE
NetHandle:  NET-209-85-128-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM



Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0


NetRange:   66.249.64.0 - 66.249.95.255
CIDR:       66.249.64.0/19
NetName:    GOOGLE
NetHandle:  NET-66-249-64-0-1
Parent:     NET-66-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM

I guess it's not hurting anything but I would feel better if I didn't see all this activity apparently going nowhere. I don't know how to find what's causing it, at least I haven't found it yet.

Any suggestions?

Bob

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
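
An added example, not part of the original post: a small Python parser for log lines in this format that separates SYN retransmits from distinct connection attempts and measures the spacing between bursts, which shows whether the blocked port 25 traffic follows a schedule. The sample lines are modelled on the post's log with the wrapped lines rejoined; `parse`, `summarize`, the 60-second burst window and the placeholder year are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input modelled on the log lines in the post, wrapped lines rejoined.
_P = ("Apr 30 %s localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 "
      "DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=%d DF PROTO=TCP "
      "SPT=%d DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE_LOG = "\n".join(_P % row for row in [
    ("07:14:09", 56553, 49080), ("07:14:12", 56554, 49080),
    ("08:14:10", 63341, 41549), ("08:14:11", 17222, 41550),
    ("08:14:14", 17223, 41550)])

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Outbound (.*)$")

def parse(log, year=2000):
    """Yield one event per 'Outbound' kernel line (syslog has no year: placeholder)."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            rest = m.group(2)
            f = dict(re.findall(r"(\w+)=(\S*)", rest))  # KEY=value fields
            yield {"ts": datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"),
                   "dst": f.get("DST"), "spt": f.get("SPT"), "dpt": f.get("DPT"),
                   "syn": "SYN" in rest.split()}  # bare flag token, no '='

def summarize(log, dport="25", burst_window=60):
    """Per destination: SYN packets, attempts (distinct source ports), retransmits, burst gaps."""
    first_seen, packets = defaultdict(dict), defaultdict(int)
    for ev in parse(log):
        if ev["dpt"] == dport and ev["syn"]:
            packets[ev["dst"]] += 1
            # A repeated source port is a retransmitted SYN, not a new attempt.
            first_seen[ev["dst"]].setdefault(ev["spt"], ev["ts"])
    report = {}
    for dst, ports in first_seen.items():
        starts = sorted(ports.values())
        bursts = [starts[0]]
        for t in starts[1:]:
            if (t - bursts[-1]).total_seconds() > burst_window:
                bursts.append(t)  # attempt starts a new burst
        report[dst] = {
            "packets": packets[dst], "attempts": len(ports),
            "retransmits": packets[dst] - len(ports),
            "burst_gaps_s": [int((b - a).total_seconds())
                             for a, b in zip(bursts, bursts[1:])]}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

For the sample lines it reports three attempts, two retransmits and a 3601-second gap between bursts, i.e. the attempts recur about once an hour.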