Re: Weird TCP flags?

On Thursday 11 December 2003 23:11, Ian Hunter wrote:
> OK, I have a router (lucy) with a webserver (192.168.254.242) in a DMZ (off
> eth1), and everything works fine -- when you hit my ip, you get the site,
> all is well.  However, I get STORMS of this nonsense in my logs:
>
> Dec 11 22:58:52 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0
> SRC=192.168.254.242 DST=204.157.6.223 LEN=60 TOS=0x00 PREC=0x00 TTL=63
> ID=56169 DF PROTO=TCP SPT=80 DPT=56319 WINDOW=32476 RES=0x00 ACK SYN URGP=0
>

These have ACK SYN set so I doubt they have anything to do with established 
connections. I would guess that this is a browser on the webserver itself 
trying to connect to an outside site which your rules don't allow. In this 
case: bart.routesys.com.

Jeff
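
An added example, not part of the original message: a small parser for the netfilter LOG line format quoted above. It splits an entry into its rule prefix, KEY=VALUE fields and TCP flag set, then tallies a batch of entries so a log storm can be summarized by source, port and flag combination. The function names and the joined sample line are assumptions made for this example.

```python
from collections import Counter

# Constructed: the log entry quoted above, joined onto a single line.
SAMPLE = ("Dec 11 22:58:52 lucy kernel: Fwd DMZ->Internet DROP: IN=eth1 OUT=ppp0 "
          "SRC=192.168.254.242 DST=204.157.6.223 LEN=60 TOS=0x00 PREC=0x00 TTL=63 "
          "ID=56169 DF PROTO=TCP SPT=80 DPT=56319 WINDOW=32476 RES=0x00 ACK SYN URGP=0")

# Flag names as the kernel LOG target prints them (bare tokens, no '=').
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_log_line(line):
    """Return (rule prefix, KEY=VALUE fields, set of TCP flags) for one entry."""
    head, sep, rest = line.partition(" IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line")
    prefix = head.split("kernel: ", 1)[-1].strip()
    fields, flags = {}, set()
    for tok in ("IN=" + rest).split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # value may be empty, e.g. "OUT="
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
        else:
            fields[tok] = True               # bare markers such as DF
    return prefix, fields, flags


def flag_label(flags):
    """Name the flag combination in terms of the TCP three-way handshake."""
    core = flags & {"SYN", "ACK", "FIN", "RST"}
    if core == {"SYN"}:
        return "SYN (handshake step 1)"
    if core == {"SYN", "ACK"}:
        return "SYN+ACK (handshake step 2)"
    if core == {"ACK"}:
        return "ACK (handshake step 3 or later)"
    return "+".join(sorted(core)) or "none"


def summarize(lines):
    """Count entries per (prefix, SRC, SPT, flag label), skipping unparsable lines."""
    counts = Counter()
    for line in lines:
        try:
            prefix, f, flags = parse_log_line(line)
        except ValueError:
            continue
        counts[(prefix, f.get("SRC"), f.get("SPT"), flag_label(flags))] += 1
    return counts
```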


