Source port = 25 and Flags = Ack/Fin

Hi,

I am setting up ipfilter on an existing server. I eventually want to
default
to block for all inbound traffic, only allowing certain services
based on
specific pass rules. As this is an established server I am very
nervous
of doing this until I am certain that all valid traffic is being
accepted. I have
been running this for a while now, logging any traffic that 'falls
through' the
bottom of my ruleset. I have been getting some packets passing
through
with a source port of 25, with flags of Ack/Fin, mainly from servers
which
seem to be AOL mx servers. I have been hunting around the net,
which
gives me the impression that these could be ignored, but I haven't
found
anything that makes me certain of that.

Would someone have a look at these lines from the log and explain
what
they are and why they aren't being caught by the rules below?

Can I ignore them and allow them to be blocked by default?

----- Relevant lines from ipf.conf -----
# Default to block all
block in all

# SMTP
pass in quick proto tcp from any to 128.40.182.5/32 port = 25 flags S
keep state keep frags

# During testing pass anything that gets this far
pass in all

# Log any traffic that falls through this far
log in all
----- ipf.conf -----

----- Sample lines from log -----
08/04/2005 09:54:36.397670 iprb0 @0:27 L 205.188.158.57,25 ->
128.40.182.5,44904 PR tcp len 20 52 -AF IN
08/04/2005 09:55:23.491951 iprb0 @0:27 L 205.188.158.25,25 ->
128.40.182.5,45010 PR tcp len 20 52 -AF IN
08/04/2005 09:55:27.648246 iprb0 @0:27 L 205.188.158.25,25 ->
128.40.182.5,45010 PR tcp len 20 52 -AF IN
08/04/2005 09:55:35.967539 iprb0 @0:27 L 205.188.158.25,25 ->
128.40.182.5,45010 PR tcp len 20 52 -AF IN
----- Sample lines from log -----



Many thanks


--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"It is easy to be blinded to the essential uselessness of
computers by the sense of accomplishment you get from
getting them to work at all." -- Douglas Adams