Re: Logging packets from iptables
On Tue, May 22, 2001 at 10:50:24PM +0100, Chris Boyle wrote:
> Firstly be aware that these are probably just responses from web servers
> you're browsing if they don't have the SYN (establish connection) flag set
> (80 is http). If the syn flag _is_ set, and the _source_ port is 80,
> they may
> be trying to exploit a poorly configured firewall.
Just a minor correction:
The fact that the SYN-flag is set is not suspicious if the ACK-flag is
set, too. The SYN-flag is usually set but if it is the _only_ flag,
then this means somebody might try to establish a connection.
Phil
Reply to: