This is a discussion on SYN_SENT question within the IPFilter forums, part of the System Security and Security Related category.
Hello all,

I am fairly new to ipfilter and had a question about something I am noticing. This is running on SunOS XXXX 5.8 Generic_117350-51 sun4u sparc SUNW,Ultra-250 and IPF version 4.1.28. This server is primarily running a listserv, thus needing smtp to be open and running without problems. My question is this: is what I'm seeing below normal, or is there something I can change to fix this problem? I have hidden the IPs for security reasons.

Thanks in advance.

-Luiz

ipmon:
28/02/2008 12:39:59.634787 hme0 @0:18 b 204.13.161.20,25 -> XXX.XXX.XXX.XXX,44080 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:40:59.630671 hme0 @0:18 b 204.13.161.20,25 -> XXX.XXX.XXX.XXX,44153 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:41:28.644906 hme0 @0:18 b 218.233.144.195,25 -> XXX.XXX.XXX.XXX,44172 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:41:38.649272 hme0 @0:18 b 218.233.144.195,25 -> XXX.XXX.XXX.XXX,44172 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:41:48.645091 hme0 @0:18 b 218.233.144.195,25 -> XXX.XXX.XXX.XXX,44172 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:41:58.655520 hme0 @0:18 b 218.233.144.195,25 -> XXX.XXX.XXX.XXX,44172 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:41:58.675230 hme0 @0:18 b 204.13.161.20,25 -> XXX.XXX.XXX.XXX,44214 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:42:08.632902 hme0 @0:18 b 66.158.17.25,25 -> XXX.XXX.XXX.XXX,44223 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:42:08.656886 hme0 @0:18 b 218.233.144.195,25 -> XXX.XXX.XXX.XXX,44172 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:42:58.671929 hme0 @0:18 b 204.13.161.20,25 -> XXX.XXX.XXX.XXX,44270 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:43:08.631484 hme0 @0:18 b 66.158.17.25,25 -> XXX.XXX.XXX.XXX,44276 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:44:27.744362 hme0 @0:18 b 157.182.232.199,25 -> XXX.XXX.XXX.XXX,44351 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:44:37.699773 hme0 @0:18 b 157.182.203.37,25 -> XXX.XXX.XXX.XXX,44364 PR tcp len 20 40 -AR IN OOW

netstat:
XXX.XXX.XXX.XXX.44287 219.251.130.43.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44296 213.229.249.143.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44299 192.190.33.73.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44319 213.229.249.143.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44321 204.255.44.42.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44322 204.255.44.42.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44323 69.25.47.164.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44326 163.120.15.5.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44329 216.68.8.212.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44336 204.255.44.42.25 0 0 65700 0 SYN_SENT
XXX.XXX.XXX.XXX.44337 157.28.10.56.25 0 0 65700 0 SYN_SENT

rules:
@1 pass in quick on lo0 all
@2 pass in quick on hme0 proto tcp from any to any port = smtp flags S/FSRPAU keep state keep frags
@3 pass in quick on hme0 proto tcp from any to any port = 80 keep state
@4 pass in quick on hme0 proto icmp from any to any icmp-type echo
@5 pass in quick on hme0 proto tcp from any to any port = ssh flags S/SA keep state
@6 pass in log quick on hme0 proto tcp from XXX.XXX.XXX.XXX/32 to XXX.XXX.XXX.XXX/32 port = 7938 keep state
@7 pass in log quick on hme0 proto tcp from XXX.XXX.XXX.XXX/32 to XXX.XXX.XXX.XXX/32 port = 7937 keep state
@8 block in quick on hme0 from any to XXX.XXX.XXX.XXX/32
@9 block in quick on hme0 from any to XXX.XXX.XXX.XXX/32
@10 block in quick on hme0 from any to XXX.XXX.XXX.XXX/32
@11 block in quick on hme0 from any to XXX.XXX.XXX.XXX/32
@12 block in quick on hme0 from XXX.XXX.XXX.XXX/32 to any
@13 block in quick on hme0 from any to XXX.XXX.XXX.XXX/32
@14 block in quick on hme0 from XXX.XXX.XXX.XXX/32 to any port = 21
@15 block in quick on hme0 from XXX.XXX.XXX.XXX/32 to any port = 25
@16 pass in quick on hme0 proto tcp from any to any port = 113 keep state
@17 block return-rst in log on hme0 proto tcp from any to any flags S/FSRPAU
@18 block in log on hme0 all
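
An added example, not part of the original post: a small Python parser for ipmon lines in the layout shown above. It tallies blocked packets by rule number, TCP flags and the OOW (out-of-window) marker, and lists flows that were blocked more than once. The sample lines are constructed with documentation addresses, and the field names in the regular expression are labels chosen for this example.

```python
import re
from collections import Counter

# ipmon layout as seen in the post (field names are this example's own labels):
# date time iface @group:rule action src,port -> dst,port PR proto len hlen total -flags dir [OOW]
LINE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[^,\s]+),(?P<sport>\d+) -> (?P<dst>[^,\s]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<total>\d+)"
    r"(?: -(?P<flags>[A-Z]+))?(?: (?P<dir>IN|OUT))?(?P<oow> OOW)?"
)
FLAG_NAMES = {"S": "SYN", "A": "ACK", "R": "RST", "F": "FIN", "P": "PSH", "U": "URG"}

def parse(line):
    """Return a dict of fields for one ipmon line, or None if it does not match."""
    m = LINE.match(" ".join(line.split()))  # collapse runs of whitespace first
    if not m:
        return None
    rec = m.groupdict()
    rec["flags"] = [FLAG_NAMES.get(c, c) for c in (rec["flags"] or "")]
    rec["oow"] = rec["oow"] is not None
    return rec

def summarize(lines):
    """Count blocked packets per (rule, flags, oow) and find repeated flows."""
    by_rule, by_flow = Counter(), Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["action"] != "b":  # 'b' marks a blocked packet
            continue
        by_rule[(int(rec["rule"]), "+".join(rec["flags"]), rec["oow"])] += 1
        by_flow[(rec["src"], rec["sport"], rec["dst"], rec["dport"])] += 1
    # the same 4-tuple blocked more than once: the peer keeps resending
    repeats = {flow: n for flow, n in by_flow.items() if n > 1}
    return by_rule, repeats

# Constructed sample lines (documentation addresses), same layout as the post.
SAMPLE = """\
28/02/2008 12:41:28.644906 hme0 @0:18 b 198.51.100.7,25 -> 192.0.2.10,44172 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:41:38.649272 hme0 @0:18 b 198.51.100.7,25 -> 192.0.2.10,44172 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:41:58.675230 hme0 @0:18 b 203.0.113.20,25 -> 192.0.2.10,44214 PR tcp len 20 40 -AR IN OOW
28/02/2008 12:42:01.000000 hme0 @0:17 b 203.0.113.99,4021 -> 192.0.2.10,23 PR tcp len 20 44 -S IN
""".splitlines()

if __name__ == "__main__":
    rules, repeats = summarize(SAMPLE)
    for key, count in sorted(rules.items()):
        print(key, count)
    print("repeated flows:", repeats)
```

Run over a real ipmon log, the per-rule tally shows which rule is dropping the ACK+RST replies, and the repeated-flow list can be compared against the local ports that netstat reports in SYN_SENT.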