Re: Logging packets from iptables

To: debian-security@lists.debian.org
Subject: Re: Logging packets from iptables
From: Philipp Schulte <p.schulte@matrix.uni-duisburg.de>
Date: Wed, 23 May 2001 00:43:55 +0200
Message-id: <20010523004355.A7013@nepomuk.matrix.uni-duisburg.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <01052222502401.05620@celery>; from chrisb@wincoll.ac.uk on Tue, May 22, 2001 at 10:50:24PM +0100
References: <01052220372600.17656@davepc> <01052222502401.05620@celery>

On Tue, May 22, 2001 at 10:50:24PM +0100, Chris Boyle wrote: 

> Firstly be aware that these are probably just responses from web servers 
> you're browsing if they don't have the SYN (establish connection) flag set 
> (80 is http). If the syn flag _is_ set, and the _source_ port is 80,
> they may 
> be trying to exploit a poorly configured firewall.

Just a minor correction:
The fact that the SYN-flag is set is not suspicious if the ACK-flag is
set, too. The SYN-flag is usually set but if it is the _only_ flag,
then this means somebody might try to establish a connection.
Phil

Reply to:

References:
- Logging packets from iptables
  - From: Dave Smith <dave.s@earthcorp.com>
- Re: Logging packets from iptables
  - From: Chris Boyle <chrisb@wincoll.ac.uk>

Prev by Date: Re: Logging packets from iptables
Next by Date: Re: Logging packets from iptables
Previous by thread: Re: Logging packets from iptables
Next by thread: Re: Logging packets from iptables
Index(es):
- Date
- Thread