On 17 April 2011 20:33, Joe Zeff <joe@xxxxxxx> wrote: > On 04/17/2011 12:02 PM, JD wrote: >> All 3 addresses belong to google. >> Just do Âwhois 1e100.net > > ÂDomain Name: 1e100.net > > Â Â Â Â Registrar Name: Markmonitor.com > Â Â Â Â Registrar Whois: whois.markmonitor.com > Â Â Â Â Registrar Homepage: http://www.markmonitor.com > > Yes, Google is the administrative and technical contact, but it looks > like marakmonitor.com is trying to hack your machine, not Google. No, it's Google: http://www.webmasterworld.com/google/4050443.htm 1e100 is the scientific notation of 10^100 aka one Googol (http://en.wikipedia.org/wiki/Googol) MarkMonitor is just the brand agency they are using to register the name and "protect their global brand". As to what it's doing, I don't know - it sounds like it's sending traffic from port 995 to your machine because you are connecting to GMail. It's entirely possible that because gmail is composed of millions of different machines, those packets are coming back not from the machine you are directly connected to and hence aren't hitting your ESTABLISHED,RELATED rules. You'd need plug a packet capture into something like Wireshark and look at the conversation to know what those packets are supposed to be. -- Sam -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines