Yes it is; all the packets tcpdump logged have the SYN flag on (and DF too).

It means that all the packets you are looking at are the host trying to reach a destination that it cannot connect to, so it tries, and tries, and tries again. It means that the path to the "way out" is blocked.

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On behalf of azeem ahmad
Sent: Friday, 14 May 2004 17:12
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: smtp

Thanks a lot for solving this problem, but just tell me one more thing: how did you say that I am safe? Is the tcpdump output telling you something? If yes, then how do you judge it?

Regards
Azeem

> From: Gavin Hamill <gdh@xxxxxxxxxxxxxx>
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: smtp
> Date: Fri, 14 May 2004 20:47:23 +0100
>
> On Friday 14 May 2004 19:54, azeem ahmad wrote:
> > hi
> > here is the output even after blocking all smtp
> >
> > ------------------------------------------------------
> > 21:17:31.259275 192.168.0.101.4730 > 207.24.89.66.smtp: S 556950735:556950735(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
>
> Notice how all of these are your infected PC trying to talk to the
> outside world, and that there are no packets from the outside world to
> the infected PC? This will be due to your iptables commands blocking
> this from happening, and given that the snapshot took place over 4
> seconds, I would say you're quite safe :)
>
> Yes, the infected PC will continue to spew out packets until it's
> fixed, but there is no danger, and your Internet bandwidth will no
> longer be affected.
>
> Cheers,
> Gavin.
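The reading of the capture discussed in this thread (outbound SYNs only, nothing coming back) can be checked mechanically. The following is an added example, not part of the original messages: the function names are hypothetical, and every sample line except the first (taken from the thread) is constructed.

```python
import re
from collections import defaultdict

# Classic tcpdump text line: "<time> <src>.<port> > <dst>.<port>: <flags> <rest>"
LINE = re.compile(r"^(\S+) (\S+) > (\S+): (\S+) ?(.*)$")

def split_endpoint(ep):
    """'207.24.89.66.smtp' -> ('207.24.89.66', 'smtp')"""
    host, port = ep.rsplit(".", 1)
    return host, port

def summarize(lines, inside_host):
    """Per remote peer: bare SYNs sent by inside_host, and packets sent back to it."""
    stats = defaultdict(lambda: {"syn_out": 0, "inbound": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected layout
        _, src, dst, flags, rest = m.groups()
        s_ip, s_port = split_endpoint(src)
        d_ip, d_port = split_endpoint(dst)
        bare_syn = "S" in flags and " ack " not in f" {rest} "
        if s_ip == inside_host and bare_syn:
            stats[(d_ip, d_port)]["syn_out"] += 1
        elif d_ip == inside_host:
            stats[(s_ip, s_port)]["inbound"] += 1  # any reply, e.g. a SYN-ACK
    return dict(stats)

def outbound_blocked(stats):
    """True when SYNs went out and not a single packet came back from any peer."""
    sent = sum(s["syn_out"] for s in stats.values())
    return sent > 0 and all(s["inbound"] == 0 for s in stats.values())

# First line is the one quoted in the thread; the rest are constructed.
BLOCKED_SAMPLE = [
    "21:17:31.259275 192.168.0.101.4730 > 207.24.89.66.smtp: S 556950735:556950735(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)",
    "21:17:32.101000 192.168.0.101.4731 > 203.0.113.25.smtp: S 100:100(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)",
    "21:17:34.260000 192.168.0.101.4730 > 207.24.89.66.smtp: S 556950735:556950735(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)",
]
# Constructed contrast case: the remote side answers with a SYN-ACK.
OPEN_SAMPLE = [
    "21:17:32.101000 192.168.0.101.4731 > 203.0.113.25.smtp: S 100:100(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)",
    "21:17:32.180000 203.0.113.25.smtp > 192.168.0.101.4731: S 900:900(0) ack 101 win 5840 <mss 1460> (DF)",
]

if __name__ == "__main__":
    for name, sample in (("blocked", BLOCKED_SAMPLE), ("open", OPEN_SAMPLE)):
        print(name, outbound_blocked(summarize(sample, "192.168.0.101")))
```

A repeated SYN with the same source port and sequence number, as in the third sample line, is a retransmission of an unanswered connection attempt.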