Re: Source port = 25 and Flags = Ack/Fin

This is a discussion on Re: Source port = 25 and Flags = Ack/Fin within the IPFilter forums, part of the System Security and Security Related category; On Fri, Apr 08, 2005 at 12:20:06PM +0100, a.peacock@ucl.ac.uk wrote: > > # SMTP > ...


Go Back   Usenet Forums > System Security and Security Related > IPFilter

Reload this Page Re: Source port = 25 and Flags = Ack/Fin

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 04-08-2005
Guido van Rooij
 
Posts: n/a
Default Re: Source port = 25 and Flags = Ack/Fin
On Fri, Apr 08, 2005 at 12:20:06PM +0100, a.peacock@ucl.ac.uk wrote:
>
> # SMTP
> pass in quick proto tcp from any to 128.40.182.5/32 port = 25 flags S
> keep state keep frags

If you're using ipfil 4 or higher, you can use log-first in the above
rule. You'll then probably find out that the ack/fin you are seeing
is a retransmission of the end of a valid tcp session, where
the accompanying state entry already timed out on your ipf host
and the other end of the connection somehow hasn't seen the ACK you
sent.

-Guido
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 09:57 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0