On 4/17/11 1:10 PM, JD wrote: > On 04/17/2011 12:34 PM, James McKenzie wrote: >> On 4/17/11 12:02 PM, JD wrote: >>> I have instrumented my iptables to log all DROP'ed packets. >>> I have a huge plethora of packets dropped from these >>> 3 IP addresses: >>> 74.125.127.109 >>> 72.14.213.109 >>> 74.125.53.109 >> Google Mail on the Secure IMAP port? Interesting. Maybe they are >> misrouted packets or do you use Google Mail (gmail)? >> >> James McKenzie >> > My Thunderbird is configured to connect with pop.gmail.com > to retrieve my email. > > The Registrant of the primary domain is google, > and the Registrar is MarkMonitor.Com. [Whois and marketing stuff removed] Thus your system is NOT being hacked as stated by others. If you are using Thunderbird, you had to configure it to connect on port 995, which I will correct, is the secure POP port. Nothing is amiss here, just is that you sent your request to server 'A' in the farm and got a reply from server 'B' or server 'C' or server 'D'.... The first available will be replying. You could 'sniff' the traffic, but since it is SSL/TLS encrypted, you would not be able to read anything (or left me restate this, should not be able to.) At this point, given all that has been given, you are at a ZERO percent hazard. If you were receiving replies from a different set of addresses and these were not gmail's then I would have raised an eyebrow because that is an attack signature. James McKenzie -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
