Sorry, I'm a bit of a novice with understanding the iptables logged
output. I'm obviously rejecting some packets that don't appear to be
generated by my server, yet they seem to indicate that they were
generated by my server? I cannot identify any process/daemon of mine
that should be generating any of these entries.

Do they look "familiar" to anyone? Are there any tools recommended to
better determine what rule they're triggering or something?

Thanks in advance,
AJ

Oct 8 22:22:41 servername kernel: [TCP reject] IN= OUT=eth0
SRC=74.x.x.x DST=54.248.104.161 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=TCP SPT=80 DPT=50740 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 22:52:20 servername kernel: [TCP reject] IN= OUT=eth0
SRC=74.x.x.x DST=1.34.22.39 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=TCP SPT=1080 DPT=6000 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 22:57:35 servername kernel: [TCP reject] IN= OUT=eth0
SRC=74.x.x.x DST=61.160.195.24 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=TCP SPT=1433 DPT=6000 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 23:06:34 servername kernel: [TCP reject] IN= OUT=eth0
SRC=74.x.x.x DST=218.201.121.99 LEN=40 TOS=0x00 PREC=0x40 TTL=64 ID=0
DF PROTO=TCP SPT=8080 DPT=3955 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 23:11:23 servername kernel: [TCP reject] IN= OUT=eth0
SRC=74.x.x.x DST=58.218.199.227 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=TCP SPT=9000 DPT=12200 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 23:11:23 servername kernel: [TCP reject] IN= OUT=eth0
SRC=74.x.x.x DST=58.218.199.227 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=TCP SPT=2479 DPT=12200 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 23:11:23 servername kernel: [TCP reject] IN= OUT=eth0
SRC=74.x.x.x DST=58.218.199.227 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=TCP SPT=8118 DPT=12200 WINDOW=5 RES=0x00 ACK SYN URGP=0
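
An added example, not part of the original post: a small Python parser for the LOG-target format quoted above, which rejoins mail-wrapped entries and groups them by log prefix, direction and TCP flags. The sample entries and their addresses are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG format shown in the post,
# mail-wrapped the same way; addresses are documentation ranges.
SAMPLE = """\
Oct 8 22:22:41 host kernel: [TCP reject] IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40
TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=50740 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 22:52:20 host kernel: [TCP reject] IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=40
TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1080 DPT=6000 WINDOW=5 RES=0x00 ACK SYN URGP=0
Oct 8 23:01:02 host kernel: [TCP reject] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60
TOS=0x00 PREC=0x00 TTL=51 ID=4242 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
"""

ENTRY_RE = re.compile(r"kernel:\s+(?:\[\s*\d+\.\d+\]\s+)?(?P<prefix>.*?)\s*IN=(?P<rest>.*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

def unwrap(text):
    # Rejoin entries wrapped across lines: a new entry starts at "kernel:".
    entries = []
    for line in text.splitlines():
        if "kernel:" in line or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def parse_entry(entry):
    # Split one entry into its --log-prefix, KEY=VALUE fields and TCP flags.
    m = ENTRY_RE.search(entry)
    if not m:
        return None
    fields, flags = {}, []
    for tok in ("IN=" + m["rest"]).split():
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.append(tok)
    # IN= empty: generated on this host (logged in OUTPUT/POSTROUTING).
    # OUT= empty: arriving packet (PREROUTING/INPUT); both set: being routed.
    direction = ("local-out" if not fields.get("IN")
                 else "inbound" if not fields.get("OUT") else "forwarded")
    return {"prefix": m["prefix"], "direction": direction,
            "flags": "+".join(sorted(flags)), **fields}

def summarize(text):
    parsed = filter(None, map(parse_entry, unwrap(text)))
    return Counter((p["prefix"], p["direction"], p["flags"]) for p in parsed)
```

`summarize()` returns a count per (prefix, direction, flags) tuple; the prefix is whatever `--log-prefix` string the logging rule was given, so a distinct prefix per LOG rule makes each entry traceable to its rule.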