Re: iptables questions

On 04/17/2011 01:25 PM, James McKenzie wrote:
> On 4/17/11 1:10 PM, JD wrote:
>> On 04/17/2011 12:34 PM, James McKenzie wrote:
>>> On 4/17/11 12:02 PM, JD wrote:
>>>> I have instrumented my iptables to log all DROP'ed packets.
>>>> I have a huge plethora of packets dropped from these
>>>> 3 IP addresses:
>>>> 74.125.127.109
>>>> 72.14.213.109
>>>> 74.125.53.109
>>> Google Mail on the Secure IMAP port?  Interesting.  Maybe they are
>>> misrouted packets or do you use Google Mail (gmail)?
>>>
>>> James McKenzie
>>>
>> My Thunderbird is configured to connect with pop.gmail.com
>> to retrieve my email.
>>
>> The Registrant of the primary domain is google,
>> and the Registrar is MarkMonitor.Com.
> [Whois and marketing stuff removed]
>
> Thus your system is NOT being hacked as stated by others.  If you are
> using Thunderbird, you had to configure it to connect on port 995, which
> I will correct, is the secure POP port.  Nothing is amiss here, just is
> that you sent your request to server 'A' in the farm and got a reply
> from server 'B' or server 'C' or server 'D'....  The first available
> will be replying.  You could 'sniff' the traffic, but since it is
> SSL/TLS encrypted, you would not be able to read anything (or let me
> restate this, should not be able to.)
>
> At this point, given all that has been given, you are at a ZERO percent
> hazard.  If you were receiving replies from a different set of addresses
> and these were not gmail's then I would have raised an eyebrow because
> that is an attack signature.
>
> James McKenzie
>
Well, it is a bit strange that Google would set up their servers
so that my machine tries to download latest messages by sending
its request to pop.gmail.com (74.125.127.109) to port 995,
and receive reply from a different IP address.
How can I configure my firewall so that such replies are
not deemed as "not established"?
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines