INVALID state and no known connection.
As we know, the iptables INVALID state means that
the packet is associated with no known connection,
right? So, if I have a lot of INVALID entries in my
log files, does it mean that something is wrong?
A hidden process, etc.?
An example of logged entries:
t4 kernel: [18776.221378] [INVALID in] IN=eth0 OUT= MAC=mac_address SRC="" DST=192.168.5.200 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=8371 PROTO=TCP SPT=443 DPT=45458 WINDOW=0 RES=0x00
t4 kernel: [18262.496058] [INVALID out] IN= OUT=eth0 SRC="" DST=188.8.131.52 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18981 DF PROTO=TCP SPT=37190 DPT=80 WINDOW=16576 RES=0x00 ACK FIN URGP=0
For example, the lsof -i -n -P command shows only ESTABLISHED
connections; nothing strange, nothing more.
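
One way to triage entries like these, as an added example that is not part of the original post: parse each "[INVALID in]" / "[INVALID out]" line (one entry per line, as the kernel writes them) and count entries by direction, remote endpoint and TCP flags, separating FIN/RST packets from everything else. FIN and RST packets that arrive after conntrack has already removed the connection entry are classified INVALID, so that bucket is kept apart from the rest. The sample lines, their addresses, the RST and SYN flags in them, and the function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the same netfilter LOG format as the post.
# Addresses are documentation ranges, not values taken from the post.
SAMPLE = """\
t4 kernel: [18776.221378] [INVALID in] IN=eth0 OUT= MAC=mac_address SRC=198.51.100.7 DST=192.168.5.200 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=8371 PROTO=TCP SPT=443 DPT=45458 WINDOW=0 RES=0x00 RST URGP=0
t4 kernel: [18262.496058] [INVALID out] IN= OUT=eth0 SRC=192.168.5.200 DST=203.0.113.9 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18981 DF PROTO=TCP SPT=37190 DPT=80 WINDOW=16576 RES=0x00 ACK FIN URGP=0
t4 kernel: [18300.000001] [INVALID in] IN=eth0 OUT= MAC=mac_address SRC=198.51.100.7 DST=192.168.5.200 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=8400 PROTO=TCP SPT=443 DPT=45460 WINDOW=29200 RES=0x00 ACK SYN URGP=0
"""

FLAG_NAMES = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
PREFIX = re.compile(r"\[INVALID (in|out)\]")   # log prefix used in the post
TEARDOWN = {"FIN", "RST"}                      # connection-closing flags


def parse_line(line):
    """Return a dict for one '[INVALID in|out]' LOG line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    tokens = line[m.end():].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    direction = m.group(1)
    # Remote side: source of an inbound packet, destination of an outbound one.
    ip_key, port_key = ("SRC", "SPT") if direction == "in" else ("DST", "DPT")
    return {
        "dir": direction,
        "remote": f"{fields.get(ip_key)}:{fields.get(port_key)}",
        "flags": frozenset(t for t in tokens if t in FLAG_NAMES),
    }


def summarize(text):
    """Count INVALID entries per (direction, remote, flags, kind)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = "teardown" if rec["flags"] & TEARDOWN else "other"
        flags = "+".join(sorted(rec["flags"])) or "none"
        counts[(rec["dir"], rec["remote"], flags, kind)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Entries that land in the "other" bucket are the ones to compare against the lsof output and the conntrack table.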