01-04-2008, 02:16 PM
"Douglas A. Tutty"

strange Shorewall entry

Hello all,

I found this in my log today:

Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF
PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF
PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0

I have shorewall reject anything going out via a port I haven't opened.
Neither source nor destination ports are in /etc/services and I haven't
seen these before.

My concern is that they come from my box (fw) and attempt to go out to
the net. This implies that something on my box is corrupted. Any
ideas? At the time of this entry, my box was running Konqueror (via ssh
from the other box) and was downloading information on HP DDS tapes from
the HP website. It also had open tabs to wikipedia and perhaps a google
search results page.

The box is an AMD Athlon64 running Etch amd64 up-to-date as of
yesterday.

Just in case, I have my backup from December 22 on another box. I'm
running a new backup on the affected box (my main box) now.

Any ideas? Thanks,

Doug.




Here's the entire syslog segment for this ppp session (around 2 hrs).

----
Jan 3 20:38:41 titan pppd[8479]: pppd 2.4.4 started by dtutty, uid 1000
Jan 3 20:38:42 titan chat[8481]: abort on (BUSY)
Jan 3 20:38:42 titan chat[8481]: abort on (NO CARRIER)
Jan 3 20:38:42 titan chat[8481]: abort on (VOICE)
Jan 3 20:38:42 titan chat[8481]: abort on (NO DIALTONE)
Jan 3 20:38:42 titan chat[8481]: abort on (NO DIAL TONE)
Jan 3 20:38:42 titan chat[8481]: abort on (NO ANSWER)
Jan 3 20:38:42 titan chat[8481]: abort on (DELAYED)
Jan 3 20:38:42 titan chat[8481]: timeout set to 120 seconds
Jan 3 20:38:42 titan chat[8481]: send (dATZ^M)
Jan 3 20:38:43 titan chat[8481]: expect (OK)
Jan 3 20:38:44 titan chat[8481]: ATZ^M^M
Jan 3 20:38:44 titan chat[8481]: OK
Jan 3 20:38:44 titan chat[8481]: -- got it
Jan 3 20:38:44 titan chat[8481]: send (dATDT6138870104^M)
Jan 3 20:38:46 titan chat[8481]: expect (CONNECT)
Jan 3 20:38:46 titan chat[8481]: ^M
Jan 3 20:39:18 titan chat[8481]: ATDT6138870104^M^M
Jan 3 20:39:18 titan chat[8481]: CONNECT
Jan 3 20:39:18 titan chat[8481]: -- got it
Jan 3 20:39:18 titan chat[8481]: send (d)
Jan 3 20:39:19 titan pppd[8479]: Serial connection established.
Jan 3 20:39:19 titan pppd[8479]: Using interface ppp0
Jan 3 20:39:19 titan pppd[8479]: Connect: ppp0 <--> /dev/ttyS0
Jan 3 20:39:21 titan pppd[8479]: PAP authentication succeeded
Jan 3 20:39:21 titan pppd[8479]: Cannot determine ethernet address for proxy ARP
Jan 3 20:39:21 titan pppd[8479]: local IP address 209.29.44.23
Jan 3 20:39:21 titan pppd[8479]: remote IP address 209.171.52.135
Jan 3 20:39:21 titan pppd[8479]: primary DNS address 209.171.52.133
Jan 3 20:39:21 titan pppd[8479]: secondary DNS address 66.38.173.67
Jan 3 20:39:36 titan dnsmasq[5133]: reading /var/run/dnsmasq/resolv.conf
Jan 3 20:39:36 titan dnsmasq[5133]: using nameserver 66.38.173.67#53
Jan 3 20:39:36 titan dnsmasq[5133]: using nameserver 209.171.52.133#53
Jan 3 20:39:39 titan fetchmail[8317]: terminated with signal 15
Jan 3 20:39:40 titan fetchmail[8601]: starting fetchmail 6.3.6 daemon
Jan 3 20:39:40 titan ntpd[8335]: ntpd exiting on signal 15
Jan 3 20:39:42 titan ntpd[8618]: ntpd 4.2.2p4@1.1585-o Sun Mar 4 13:05:22 UTC 2007 (1)
Jan 3 20:39:42 titan ntpd[8619]: precision = 1.000 usec
Jan 3 20:39:42 titan ntpd[8619]: Listening on interface wildcard, 0.0.0.0#123 Disabled
Jan 3 20:39:42 titan ntpd[8619]: Listening on interface wildcard, ::#123 Disabled
Jan 3 20:39:42 titan ntpd[8619]: Listening on interface lo, ::1#123 Enabled
Jan 3 20:39:42 titan ntpd[8619]: Listening on interface eth1, fe80::217:31ff:fecb:efeb#123 Enabled
Jan 3 20:39:42 titan ntpd[8619]: Listening on interface lo, 127.0.0.1#123 Enabled
Jan 3 20:39:42 titan ntpd[8619]: Listening on interface eth1, 192.168.1.1#123 Enabled
Jan 3 20:39:42 titan ntpd[8619]: Listening on interface ppp0, 209.29.44.23#123 Enabled
Jan 3 20:39:42 titan ntpd[8619]: kernel time sync status 0040
Jan 3 20:39:42 titan ntpd[8619]: frequency initialized -37.629 PPM from /var/lib/ntp/ntp.drift
Jan 3 20:39:48 titan fetchmail[8601]: 2 messages for dtutty at pop.porchlight.ca (7594 octets).
Jan 3 20:39:51 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 2 (3249 octets) flushed
Jan 3 20:39:55 titan ntpd[8619]: synchronized to 209.87.233.53, stratum 2
Jan 3 20:39:55 titan ntpd[8619]: kernel time sync enabled 0001
Jan 3 20:39:55 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:2 of 2 (4345 octets) flushed
Jan 3 20:39:57 titan fetchmail[8601]: sleeping at Thu Jan 3 20:39:57 2008 for 300 seconds
Jan 3 20:44:57 titan fetchmail[8601]: awakened at Thu Jan 3 20:44:57 2008
Jan 3 20:44:58 titan fetchmail[8601]: sleeping at Thu Jan 3 20:44:58 2008 for 300 seconds
Jan 3 20:49:58 titan fetchmail[8601]: awakened at Thu Jan 3 20:49:58 2008
Jan 3 20:50:07 titan fetchmail[8601]: sleeping at Thu Jan 3 20:50:07 2008 for 300 seconds
Jan 3 20:55:07 titan fetchmail[8601]: awakened at Thu Jan 3 20:55:07 2008
Jan 3 20:55:26 titan hddtemp[5467]: /dev/sda: ST380811AS: 25 C
Jan 3 20:55:26 titan hddtemp[5467]: /dev/sdb: ST380811AS: 28 C
Jan 3 20:55:27 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 76 to 75
Jan 3 20:55:27 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 24 to 25
Jan 3 20:55:27 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 74 to 73
Jan 3 20:55:27 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 26 to 27
Jan 3 20:55:32 titan fetchmail[8601]: sleeping at Thu Jan 3 20:55:32 2008 for 300 seconds
Jan 3 21:00:32 titan fetchmail[8601]: awakened at Thu Jan 3 21:00:32 2008
Jan 3 21:00:34 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (5391 octets).
Jan 3 21:00:35 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (5391 octets) flushed
Jan 3 21:00:36 titan fetchmail[8601]: sleeping at Thu Jan 3 21:00:36 2008 for 300 seconds
Jan 3 21:02:18 titan ntpd[8619]: synchronized to 132.246.168.148, stratum 2
Jan 3 21:05:36 titan fetchmail[8601]: awakened at Thu Jan 3 21:05:36 2008
Jan 3 21:05:37 titan fetchmail[8601]: sleeping at Thu Jan 3 21:05:37 2008 for 300 seconds
Jan 3 21:10:37 titan fetchmail[8601]: awakened at Thu Jan 3 21:10:37 2008
Jan 3 21:10:51 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3269 octets).
Jan 3 21:11:05 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3269 octets) flushed
Jan 3 21:11:07 titan fetchmail[8601]: sleeping at Thu Jan 3 21:11:07 2008 for 300 seconds
Jan 3 21:16:07 titan fetchmail[8601]: awakened at Thu Jan 3 21:16:07 2008
Jan 3 21:16:08 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3486 octets).
Jan 3 21:16:09 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3486 octets) flushed
Jan 3 21:16:09 titan fetchmail[8601]: sleeping at Thu Jan 3 21:16:09 2008 for 300 seconds
Jan 3 21:17:01 titan /USR/SBIN/CRON[8666]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jan 3 21:21:09 titan fetchmail[8601]: awakened at Thu Jan 3 21:21:09 2008
Jan 3 21:21:13 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4232 octets).
Jan 3 21:21:16 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4232 octets) flushed
Jan 3 21:21:17 titan fetchmail[8601]: sleeping at Thu Jan 3 21:21:17 2008 for 300 seconds
Jan 3 21:23:45 titan ntpd[8619]: synchronized to 209.87.233.53, stratum 2
Jan 3 21:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 75 to 76
Jan 3 21:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 25 to 24
Jan 3 21:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 73 to 74
Jan 3 21:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 27 to 26
Jan 3 21:25:27 titan hddtemp[5467]: /dev/sda: ST380811AS: 24 C
Jan 3 21:25:27 titan hddtemp[5467]: /dev/sdb: ST380811AS: 26 C
Jan 3 21:26:17 titan fetchmail[8601]: awakened at Thu Jan 3 21:26:17 2008
Jan 3 21:26:18 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3042 octets).
Jan 3 21:26:20 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3042 octets) flushed
Jan 3 21:26:20 titan fetchmail[8601]: sleeping at Thu Jan 3 21:26:20 2008 for 300 seconds
Jan 3 21:31:20 titan fetchmail[8601]: awakened at Thu Jan 3 21:31:20 2008
Jan 3 21:31:21 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3695 octets).
Jan 3 21:31:22 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3695 octets) flushed
Jan 3 21:31:23 titan fetchmail[8601]: sleeping at Thu Jan 3 21:31:23 2008 for 300 seconds
Jan 3 21:36:23 titan fetchmail[8601]: awakened at Thu Jan 3 21:36:23 2008
Jan 3 21:36:24 titan fetchmail[8601]: 2 messages for dtutty at pop.porchlight.ca (8930 octets).
Jan 3 21:36:25 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 2 (4479 octets) flushed
Jan 3 21:36:27 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:2 of 2 (4451 octets) flushed
Jan 3 21:36:27 titan fetchmail[8601]: sleeping at Thu Jan 3 21:36:27 2008 for 300 seconds
Jan 3 21:41:27 titan fetchmail[8601]: awakened at Thu Jan 3 21:41:27 2008
Jan 3 21:41:29 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4066 octets).
Jan 3 21:41:30 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4066 octets) flushed
Jan 3 21:41:30 titan fetchmail[8601]: sleeping at Thu Jan 3 21:41:30 2008 for 300 seconds
Jan 3 21:46:30 titan fetchmail[8601]: awakened at Thu Jan 3 21:46:30 2008
Jan 3 21:46:33 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4832 octets).
Jan 3 21:46:34 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4832 octets) flushed
Jan 3 21:46:34 titan fetchmail[8601]: sleeping at Thu Jan 3 21:46:34 2008 for 300 seconds
Jan 3 21:51:34 titan fetchmail[8601]: awakened at Thu Jan 3 21:51:34 2008
Jan 3 21:51:55 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4225 octets).
Jan 3 21:51:57 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4225 octets) flushed
Jan 3 21:51:57 titan fetchmail[8601]: sleeping at Thu Jan 3 21:51:57 2008 for 300 seconds
Jan 3 21:53:45 titan ntpd[8619]: synchronized to 132.246.168.148, stratum 2
Jan 3 21:55:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 76 to 75
Jan 3 21:55:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 24 to 25
Jan 3 21:55:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 74 to 73
Jan 3 21:55:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 26 to 27
Jan 3 21:55:27 titan hddtemp[5467]: /dev/sda: ST380811AS: 25 C
Jan 3 21:55:27 titan hddtemp[5467]: /dev/sdb: ST380811AS: 27 C
Jan 3 21:56:57 titan fetchmail[8601]: awakened at Thu Jan 3 21:56:57 2008
Jan 3 21:57:08 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4575 octets).
Jan 3 21:57:22 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4575 octets) flushed
Jan 3 21:57:26 titan fetchmail[8601]: sleeping at Thu Jan 3 21:57:26 2008 for 300 seconds
Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 3 22:02:26 titan fetchmail[8601]: awakened at Thu Jan 3 22:02:26 2008
Jan 3 22:02:34 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (2768 octets).
Jan 3 22:02:38 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (2768 octets) flushed
Jan 3 22:02:41 titan fetchmail[8601]: sleeping at Thu Jan 3 22:02:41 2008 for 300 seconds
Jan 3 22:07:41 titan fetchmail[8601]: awakened at Thu Jan 3 22:07:41 2008
Jan 3 22:08:03 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3140 octets).
Jan 3 22:08:09 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3140 octets) flushed
Jan 3 22:08:13 titan fetchmail[8601]: sleeping at Thu Jan 3 22:08:13 2008 for 300 seconds
Jan 3 22:13:13 titan fetchmail[8601]: awakened at Thu Jan 3 22:13:13 2008
Jan 3 22:13:34 titan fetchmail[8601]: 3 messages for dtutty at pop.porchlight.ca (14618 octets).
Jan 3 22:13:47 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 3 (4619 octets) flushed
Jan 3 22:14:17 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:2 of 3 (4918 octets) flushed
Jan 3 22:14:25 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:3 of 3 (5081 octets) flushed
Jan 3 22:14:30 titan fetchmail[8601]: sleeping at Thu Jan 3 22:14:30 2008 for 300 seconds
Jan 3 22:17:01 titan /USR/SBIN/CRON[8845]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jan 3 22:19:30 titan fetchmail[8601]: awakened at Thu Jan 3 22:19:30 2008
Jan 3 22:19:43 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3459 octets).
Jan 3 22:20:47 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3459 octets) flushed
Jan 3 22:20:55 titan fetchmail[8601]: sleeping at Thu Jan 3 22:20:55 2008 for 300 seconds
Jan 3 22:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 75 to 76
Jan 3 22:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 25 to 24
Jan 3 22:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 57 to 56
Jan 3 22:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 73 to 74
Jan 3 22:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 27 to 26
Jan 3 22:25:27 titan hddtemp[5467]: /dev/sda: ST380811AS: 24 C
Jan 3 22:25:27 titan hddtemp[5467]: /dev/sdb: ST380811AS: 26 C
Jan 3 22:25:55 titan fetchmail[8601]: awakened at Thu Jan 3 22:25:55 2008
Jan 3 22:26:05 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (2438 octets).
Jan 3 22:26:19 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (2438 octets) flushed
Jan 3 22:26:20 titan fetchmail[8601]: sleeping at Thu Jan 3 22:26:20 2008 for 300 seconds
Jan 3 22:30:02 titan ntpd[8619]: time reset -0.300673 s
Jan 3 22:31:20 titan fetchmail[8601]: awakened at Thu Jan 3 22:31:20 2008
Jan 3 22:31:22 titan fetchmail[8601]: sleeping at Thu Jan 3 22:31:22 2008 for 300 seconds
Jan 3 22:32:30 titan ntpd[8619]: synchronized to 209.87.233.53, stratum 2
Jan 3 22:36:22 titan fetchmail[8601]: awakened at Thu Jan 3 22:36:22 2008
Jan 3 22:36:33 titan fetchmail[8601]: sleeping at Thu Jan 3 22:36:33 2008 for 300 seconds
Jan 3 22:36:38 titan pppd[8479]: Terminating on signal 15
Jan 3 22:36:38 titan pppd[8479]: Connect time 117.3 minutes.
Jan 3 22:36:38 titan pppd[8479]: Sent 1918538 bytes, received 10885344 bytes.
Jan 3 22:36:38 titan pppd[8479]: Connection terminated.
Jan 3 22:36:39 titan pppd[8479]: Exit.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
01-04-2008, 02:29 PM
"Chris Howie"

strange Shorewall entry

On Jan 4, 2008 10:16 AM, Douglas A. Tutty <dtutty@porchlight.ca> wrote:

> I found this in my log today:
>
> Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
> IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF
> PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
> Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
> IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF
> PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
>
> I have shorewall reject anything going out via a port I haven't opened.
> Neither source nor destination ports are in /etc/services and I haven't
> seen these before.
>
> My concern is that they come from my box (fw) and attempt to go out to
> the net. This implies that something on my box is corrupted. Any
> ideas? At the time of this entry, my box was running Konqueror (via ssh
> from the other box) and was downloading information on HP DDS tapes from
> the HP website. It also had open tabs to wikipedia and perhaps a google
> search results page.

-----8<-----
chris@layla:~$ dig -x 16.100.185.144

; <<>> DiG 9.3.4 <<>> -x 16.100.185.144
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22933
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 3

;; QUESTION SECTION:
;144.185.100.16.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
144.185.100.16.in-addr.arpa. 14400 IN   PTR     internal-host.americas.hpqcorp.net.

;; AUTHORITY SECTION:
185.100.16.in-addr.arpa. 14400  IN      NS      ns4.hp.com.
185.100.16.in-addr.arpa. 14400  IN      NS      ns3.hp.com.
185.100.16.in-addr.arpa. 14400  IN      NS      ns1.hp.com.
185.100.16.in-addr.arpa. 14400  IN      NS      ns2.hp.com.
185.100.16.in-addr.arpa. 14400  IN      NS      ns6.hp.com.
185.100.16.in-addr.arpa. 14400  IN      NS      ns5.hp.com.

;; ADDITIONAL SECTION:
ns4.hp.com.             4974    IN      A       15.203.224.14
ns2.hp.com.             4973    IN      A       15.219.160.12
ns6.hp.com.             4973    IN      A       15.195.208.12

;; Query time: 154 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Fri Jan  4 10:27:08 2008
;; MSG SIZE  rcvd: 255
-----8<-----

Maybe their download server runs on an alternate port? (Though I cannot seem to telnet to this server on 8030 or 80.)

--
Chris Howie
http://www.chrishowie.com
http://en.wikipedia.org/wiki/User:Crazycomputers
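
An added example, not part of the original posts: a Python parser for the Shorewall log lines discussed above. It keeps only packets generated on the firewall host itself (empty `IN=`, set `OUT=`), groups them by destination and port, and derives the `in-addr.arpa` name that `dig -x` queries. The function names are illustrative, and the prefix pattern assumes the `Shorewall:chain:action:` layout seen in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Three lines copied from the syslog segment in the thread (one benign, two REJECTs).
SAMPLE_LOG = """\
Jan 3 21:57:26 titan fetchmail[8601]: sleeping at Thu Jan 3 21:57:26 2008 for 300 seconds
Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Assumed prefix layout: "<timestamp> <host> kernel: Shorewall:<chain>:<action>:<fields>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+kernel:\s+"
    r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for one Shorewall log line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    fields, flags = {}, []
    for token in rec.pop("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value   # "IN=" yields an empty value
        else:
            flags.append(token)   # bare tokens such as DF, SYN, ACK
    rec["fields"], rec["flags"] = fields, flags
    return rec


def local_rejects(log_text):
    """Group REJECTed packets that were generated on the firewall host itself."""
    groups = defaultdict(lambda: {"count": 0, "chains": set(), "new_conn": True})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        f = rec["fields"]
        # Locally generated traffic has no input interface: IN= is empty, OUT= is set.
        if f.get("IN") or not f.get("OUT") or "DST" not in f:
            continue
        g = groups[(f["DST"], f.get("PROTO", ""), f.get("DPT", ""))]
        g["count"] += 1
        g["chains"].add(rec["chain"])
        # SYN without ACK means this host tried to open the connection.
        g["new_conn"] &= "SYN" in rec["flags"] and "ACK" not in rec["flags"]
    report = []
    for (dst, proto, dpt), g in sorted(groups.items()):
        report.append({
            "dst": dst,
            "proto": proto,
            "dport": int(dpt) if dpt else None,
            "count": g["count"],
            "chains": sorted(g["chains"]),
            "new_conn": g["new_conn"],
            # Name that a reverse lookup (dig -x) asks for.
            "ptr_name": ipaddress.ip_address(dst).reverse_pointer,
        })
    return report


if __name__ == "__main__":
    for row in local_rejects(SAMPLE_LOG):
        print(row)
```

Both matching lines have an empty `IN=`, so the SYNs were created by a process on titan itself, which is what the `fw2net` chain name reflects.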
 
01-04-2008, 04:24 PM
"Douglas A. Tutty"

strange Shorewall entry

On Fri, Jan 04, 2008 at 10:29:38AM -0500, Chris Howie wrote:
> On Jan 4, 2008 10:16 AM, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
>
> > I found this in my log today:
> >
> > Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
> > IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144
> > LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF
> > PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
> > Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
> > IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142
> > LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF
> > PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
> -----8<-----

> ;; AUTHORITY SECTION:
> 185.100.16.in-addr.arpa. 14400 IN NS ns4.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns3.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns1.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns2.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns6.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns5.hp.com.
>
> ;; ADDITIONAL SECTION:
> ns4.hp.com. 4974 IN A 15.203.224.14
> ns2.hp.com. 4973 IN A 15.219.160.12
> ns6.hp.com. 4973 IN A 15.195.208.12

> Maybe their download server runs on an alternate port? (Though I cannot
> seem to telnet to this server on 8030 or 80.)

Well, I feel a little better seeing as it's related to HP, but why was it
fw2net?

I don't know how the internals of browsers work and the download did
complete just fine. Since I was on HP's site, I didn't stop and read
what the link targets were with each download. Can a link point to a
port number and not just a URL and have the browser request a file from
a specific port (i.e. not 80 for http or whatever it is for ftp)?

If this all seems kosher, then I'll forget about it.

Thanks,

Doug.


 
01-04-2008, 11:51 PM
joseph lockhart

strange Shorewall entry

apologies, forwarding to list

Note: forwarded message attached.


jwlockhart

Registered Linux User #458799
Registered Kubuntu User #19678
this user is penguin powered


 
01-05-2008, 12:57 AM
"Chris Howie"

strange Shorewall entry

On Jan 4, 2008 12:24 PM, Douglas A. Tutty <dtutty@porchlight.ca> wrote:

> Well, I feel a little better seeing as it's related to HP, but why was it
> fw2net?
>
> I don't know how the internals of browsers work and the download did
> complete just fine. Since I was on HP's site, I didn't stop and read
> what the link targets were with each download. Can a link point to a
> port number and not just a URL and have the browser request a file from
> a specific port (i.e. not 80 for http or whatever it is for ftp)?

Yes, e.g. http://www.example.com:8030/

It could also have been a browser plugin, JavaScript... who knows.
--
Chris Howie

http://www.chrishowie.com
http://en.wikipedia.org/wiki/User:Crazycomputers
 
01-05-2008, 01:59 AM
"Douglas A. Tutty"

strange Shorewall entry

On Fri, Jan 04, 2008 at 08:57:45PM -0500, Chris Howie wrote:
> On Jan 4, 2008 12:24 PM, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
>
> > Well, I feel a little better seeing as it's related to HP, but why was it
> > fw2net?
> >
> > I don't know how the internals of browsers work and the download did
> > complete just fine. Since I was on HP's site, I didn't stop and read
> > what the link targets were with each download. Can a link point to a
> > port number and not just a URL and have the browser request a file from
> > a specific port (i.e. not 80 for http or whatever it is for ftp)?
> >
>
> Yes, e.g. http://www.example.com:8030/
>
> It could also have been a browser plugin, JavaScript... who knows.

All plug-ins, JavaScript, etc, disabled on my normal Konqueror browser.
I save my Iceweasel in the i386 chroot for that (and flash).

Thanks,

Doug.

