Hello list, I have some strange entries in my firewall log concerning our mailserver. Every day there are numerous entries with packets coming from source ports 850-910 to a very high destination port. An excerpt, you see below. x.y.z.[0-9]* is the host outside, a.b.c.d is our mailserver (to protect the innocent ;-)). Feb 13 08:29:26 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=143 TOS=0x00 PREC=0x00 TTL=55 ID=8196 DF PROTO=TCP SPT=859 DPT=56926 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0 Feb 13 13:32:36 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=45926 DF PROTO=TCP SPT=902 DPT=57334 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0 Feb 13 13:32:45 localhost kernel: IN=eth0 OUT=eth1 SRC=x.y.z.83 DST=a.b.c.d LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=45951 DF PROTO=TCP SPT=902 DPT=57334 WINDOW=24616 RES=0x00 ACK PSH FIN URGP=0 For an answer I thank you in advance. Regards Kurt Tragant __________________________________________________________________ Arcor-DSL Flatrate - jetzt kostenlos einsteigen und bis zu 76,18 Euro sparen! Arcor-DSL gibt es jetzt auch mit bis zu 1500 Mbit/s Downstream! http://www.angebot.arcor.net/cgi-bin/angebot.cgi?key=b13e92247022
