F13 Firewall and gateway router port forwarding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



  I have a router/gateway which forwards a few ports
to my machine. Port 995 is absolutely not one of them.
I checked and rechecked.

My F13 iptables is instrumented to print a "Dropped" message
for packets that it drops.
So I was surprised to see many messages like this:

Dropped by firewall: IN=wlan0 OUT= 
MAC=aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:08:00 SRC=74.125.127.109 
DST=10.1.1.8 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=52856 PROTO=TCP SPT=995 
DPT=57892 WINDOW=0 RES=0x00 RST URGP=0

Port 995 is for SSL'ed pop protocol.

I even used another machine and tried to telnet to the
router's public IP address, port 995

telnet  my-router-public-ip-address  995

to see if it would forward the packet to my machine.
It did not and the firewall did not even see the packet.

How can this happen? The packet obviously arrived from the gmail pop server,
unless a clever hacker spoofed the source IP.
I do not understand how any server can worm a packet to my LAN address,
when the router's per-LAN-client dedicated firewalls
do not provide for forwarding this port to any machine on the LAN.
(yes - this router provides a separately configurable firewall and port 
forewading table for each LAN client) -

Is it possible that the router itself got hacked?

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux