[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logging packets from iptables

On Tue, May 22, 2001 at 10:50:24PM +0100, Chris Boyle wrote: 

> Firstly be aware that these are probably just responses from web servers 
> you're browsing if they don't have the SYN (establish connection) flag set 
> (80 is http). If the syn flag _is_ set, and the _source_ port is 80,
> they may 
> be trying to exploit a poorly configured firewall.

Just a minor correction:
The fact that the SYN-flag is set is not suspicious if the ACK-flag is
set, too. The SYN-flag is usually set but if it is the _only_ flag,
then this means somebody might try to establish a connection.

Reply to: