On Wednesday 03 December 2003 10:10 pm, Michael Gale wrote:
> In my log I am seeing the following -- but our production FTP server is
> currently out side of our network so we can connecting to it through a
> Cisco router. Not my doing :( Dec 3 15:00:57 lightning kernel:
> Firewall:IN=eth0 OUT= MAC=X.X.X.X SRC=CISCO_ROUTER DST=FTP_SERVER LEN=40
> TOS=0x00 PREC=0x00 TTL=255 ID=16538 PROTO=TCP SPT=5 DPT=35607 WINDOW=0
> RES=0x00 ACK RST URGP=0
>
> There are a large number of these packets -- at first it thought maybe it
> was the Cisco router doing something funny when a FTP connect closed and it
> was trying to close or reset the data channel.
>
> Any ideas ?
The packet in the log above has ACK and RST set - that suggests that the
remote end has rather abruptly decided to terminate the connection (ACK and
FIN would be used for a polite termination).
However - Source Port 5??? Remote Job Entry??? That seems so unlikely...
Frankly I can't see that it has anything to do with FTP service at all.
It would be useful to know what network activity preceded this log entry -
what was someone trying to do (almost certainly starting from the FTP server,
sending to the router)?
Antony.
--
You can spend the whole of your life trying to be popular,
but at the end of the day the size of the crowd at your funeral
will be largely dictated by the weather.
- Frank Skinner
Please reply to the list;
please don't CC me.
