On Tuesday 23 December 2003 18:57, Vinayakam Murugan wrote:

> > You say you can access the site without any problems.
> >
> > I would expect the above log entries to happen when you close down the
> > browser (or view a different site), but the remote server still continues
> > to send a few packets. They are no longer part of an established
> > connection as far as netfilter is concerned, so they get logged.
> >
> > Try checking the timestamps, or view the logfile in real time as you do
> > your browsing - I'd expect these log entries to occur soon after you
> > leave the site at the SRC address.
>
> Thanks Antony. I'm Rajiv's colleague. We were not able to reproduce it out here. Anyways, in this scenario, would the packet have the state as NEW? All these logs are of packets with state NEW.

Another peculiar log which we would like to get more info on is:

Dec 23 18:43:05 theargonserver kernel: IPT IN_FIREWALL_NEW: IN=eth1 OUT= MAC=00:03:47:6a:5c:6b:00:c0:49:25:d1:a3:08:00 SRC=80.15.238.66 DST=xxx.xxx.xxx.xxx LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=31819 DPT=53 LEN=53

There are a lot of packets to port 53. Is this normal?

--
Warm Regards
Vinayakam Murugan

Linux: The choice of a GNU generation
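To judge whether the port 53 traffic is unusual, it helps to tally the logged packets by log prefix, protocol and destination port, together with the number of distinct sources. The Python sketch below is an added example, not part of the original thread; its sample lines are constructed in the format of the quoted entry (documentation addresses), and the `L4_LEN` field name is this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format of the entry quoted above.
# Host name and prefix follow the post; all addresses are documentation ranges.
SAMPLE = """\
Dec 23 18:43:05 theargonserver kernel: IPT IN_FIREWALL_NEW: IN=eth1 OUT= MAC=00:03:47:6a:5c:6b:00:c0:49:25:d1:a3:08:00 SRC=192.0.2.66 DST=203.0.113.10 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=31819 DPT=53 LEN=53
Dec 23 18:43:09 theargonserver kernel: IPT IN_FIREWALL_NEW: IN=eth1 OUT= MAC=00:03:47:6a:5c:6b:00:c0:49:25:d1:a3:08:00 SRC=192.0.2.66 DST=203.0.113.10 LEN=73 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=31820 DPT=53 LEN=53
Dec 23 18:44:12 theargonserver kernel: IPT IN_FIREWALL_NEW: IN=eth1 OUT= MAC=00:03:47:6a:5c:6b:00:c0:49:25:d1:a3:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=68 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=40211 DPT=53 LEN=48
Dec 23 18:45:30 theargonserver kernel: IPT IN_FIREWALL_NEW: IN=eth1 OUT= MAC=00:03:47:6a:5c:6b:00:c0:49:25:d1:a3:08:00 SRC=198.51.100.80 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=34512 WINDOW=6432 RES=0x00 ACK FIN URGP=0
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) kernel: (.*?): (IN=.*)$")

def parse(line):
    """Split one netfilter LOG line into a dict; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp, host, prefix, body = m.groups()
    rec = {"time": stamp, "host": host, "prefix": prefix, "flags": []}
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)   # bare tokens such as DF, ACK, FIN
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = val        # second LEN is the UDP length, not the IP length
        else:
            rec[key] = val             # "OUT=" yields an empty string
    return rec

def summarize(text):
    """Return [((prefix, proto, dport), packets, distinct_sources)], busiest first."""
    hits = Counter()
    sources = defaultdict(set)
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or "DPT" not in rec:   # skip non-matching lines and ICMP
            continue
        key = (rec["prefix"], rec["PROTO"], int(rec["DPT"]))
        hits[key] += 1
        sources[key].add(rec["SRC"])
    return [(k, n, len(sources[k])) for k, n in hits.most_common()]

if __name__ == "__main__":
    for (prefix, proto, dport), count, srcs in summarize(SAMPLE):
        print(f"{prefix} {proto}/{dport}: {count} packets from {srcs} sources")
```

Run against the real logfile, a UDP/53 row with many distinct sources points to unsolicited DNS queries arriving from outside, while a TCP row with source port 80 and `ACK FIN` flags matches the late-packet case described in the quoted reply.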