Hi Group,

I run RHEL ES 3.0, kernel 2.4.21-27.0.1.EL, with iptables as firewall.

I am getting some strange attacks on my gateway-firewall. Here is the scrap of the tcpdump command that displays the traffic transaction on my gateway/firewall:

[root@Firewall root]# tcpdump -i eth0 | grep microsoft
tcpdump: listening on eth0
14:45:46.636128 188.26.25.111.1796 > hacked.e-microsoft.net.http: S 1395392512:1395392512(0) win 16384
14:45:47.136837 188.26.25.112.1217 > hacked.e-microsoft.net.http: S 40173568:40173568(0) win 16384
14:45:47.637597 188.26.25.113.1271 > hacked.e-microsoft.net.http: S 2122645504:2122645504(0) win 16384
14:45:48.138274 188.26.25.114.1623 > hacked.e-microsoft.net.http: S 1886519296:1886519296(0) win 16384
14:45:48.639106 188.26.25.115.1713 > hacked.e-microsoft.net.http: S 536215552:536215552(0) win 16384
14:45:49.139757 188.26.25.116.1541 > hacked.e-microsoft.net.http: S 1795227648:1795227648(0) win 16384
14:45:49.640460 188.26.25.117.1286 > hacked.e-microsoft.net.http: S 931528704:931528704(0) win 16384
14:46:24.414942 192.168.2.124.1060 > 65.53.141.93.microsoft-ds: S 2943232226:2943232226(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:47:06.524061 192.168.2.124.1063 > 65.53.141.93.microsoft-ds: S 1414470707:1414470707(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:47:18.559278 192.168.2.124.1065 > 65.53.192.13.microsoft-ds: S 3528415518:3528415518(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:48:19.849458 188.26.20.195.1041 > hacked.e-microsoft.net.http: S 415105024:415105024(0) win 16384
14:48:20.346990 188.26.20.196.1474 > hacked.e-microsoft.net.http: S 1030488064:1030488064(0) win 16384
14:48:22.349682 188.26.20.200.1491 > hacked.e-microsoft.net.http: S 782630912:782630912(0) win 16384
14:48:23.351150 188.26.20.202.1590 > hacked.e-microsoft.net.http: S 10027008:10027008(0) win 16384
14:48:24.352641 188.26.20.204.1698 > hacked.e-microsoft.net.http: S 1303838720:1303838720(0) win 16384
14:48:24.853235 188.26.20.205.1442 > hacked.e-microsoft.net.http: S 968032256:968032256(0) win 16384
14:48:25.354003 188.26.20.206.1527 > hacked.e-microsoft.net.http: S 1304952832:1304952832(0) win 16384
14:48:25.854672 188.26.20.207.1642 > hacked.e-microsoft.net.http: S 1116405760:1116405760(0) win 16384
14:48:46.386855 188.26.20.248.1654 > hacked.e-microsoft.net.http: S 416743424:416743424(0) win 16384
14:48:55.907746 188.26.21.11.1192 > hacked.e-microsoft.net.http: S 202702848:202702848(0) win 16384
14:48:56.909174 188.26.21.13.1285 > hacked.e-microsoft.net.http: S 488112128:488112128(0) win 16384
14:49:10.438591 188.26.21.40.1664 > hacked.e-microsoft.net.http: S 691732480:691732480(0) win 16384
14:49:11.440020 188.26.21.42.1503 > hacked.e-microsoft.net.http: S 1183580160:1183580160(0) win 16384
14:49:13.943673 188.26.21.47.1193 > hacked.e-microsoft.net.http: S 216072192:216072192(0) win 16384
14:49:19.451578 188.26.21.58.1202 > hacked.e-microsoft.net.http: S 141623296:141623296(0) win 16384

42561 packets received by filter
32611 packets dropped by kernel

Could anyone please tell me what's going on on my network, or if anyone has experienced the same attack? As such, I didn't find anything on Google regarding this.

Thanks for efforts.

Regards
Oopss..