
strange Shorewall entry



Hello all,

I found this in my log today:

Jan  3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
	IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144 
	LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF 
	PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0 
Jan  3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
	IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142 
	LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF 
	PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0 

I have Shorewall reject anything going out via a port I haven't opened.
Neither source nor destination ports are in /etc/services and I haven't
seen these before.

My concern is that they come from my box (fw) and attempt to go out to
the net.  This implies that something on my box is corrupted.  Any
ideas?  At the time of this entry, my box was running Konqueror (via ssh
from the other box) and was downloading information on HP DDS tapes from
the HP website.  It also had open tabs to Wikipedia and perhaps a Google
search results page.

The box is an AMD Athlon64 running Etch amd64 up-to-date as of
yesterday.

Just in case, I have my backup from December 22 on another box.  I'm
running a new backup on the affected box (my main box) now.

Any ideas?  Thanks, 

Doug.




Here's the entire syslog segment for this ppp session (around 2 hrs).

----
Jan  3 20:38:41 titan pppd[8479]: pppd 2.4.4 started by dtutty, uid 1000
Jan  3 20:38:42 titan chat[8481]: abort on (BUSY)
Jan  3 20:38:42 titan chat[8481]: abort on (NO CARRIER)
Jan  3 20:38:42 titan chat[8481]: abort on (VOICE)
Jan  3 20:38:42 titan chat[8481]: abort on (NO DIALTONE)
Jan  3 20:38:42 titan chat[8481]: abort on (NO DIAL TONE)
Jan  3 20:38:42 titan chat[8481]: abort on (NO ANSWER)
Jan  3 20:38:42 titan chat[8481]: abort on (DELAYED)
Jan  3 20:38:42 titan chat[8481]: timeout set to 120 seconds
Jan  3 20:38:42 titan chat[8481]: send (\dATZ^M)
Jan  3 20:38:43 titan chat[8481]: expect (OK)
Jan  3 20:38:44 titan chat[8481]: ATZ^M^M
Jan  3 20:38:44 titan chat[8481]: OK
Jan  3 20:38:44 titan chat[8481]:  -- got it 
Jan  3 20:38:44 titan chat[8481]: send (\dATDT6138870104^M)
Jan  3 20:38:46 titan chat[8481]: expect (CONNECT)
Jan  3 20:38:46 titan chat[8481]: ^M
Jan  3 20:39:18 titan chat[8481]: ATDT6138870104^M^M
Jan  3 20:39:18 titan chat[8481]: CONNECT
Jan  3 20:39:18 titan chat[8481]:  -- got it 
Jan  3 20:39:18 titan chat[8481]: send (\d)
Jan  3 20:39:19 titan pppd[8479]: Serial connection established.
Jan  3 20:39:19 titan pppd[8479]: Using interface ppp0
Jan  3 20:39:19 titan pppd[8479]: Connect: ppp0 <--> /dev/ttyS0
Jan  3 20:39:21 titan pppd[8479]: PAP authentication succeeded
Jan  3 20:39:21 titan pppd[8479]: Cannot determine ethernet address for proxy ARP
Jan  3 20:39:21 titan pppd[8479]: local  IP address 209.29.44.23
Jan  3 20:39:21 titan pppd[8479]: remote IP address 209.171.52.135
Jan  3 20:39:21 titan pppd[8479]: primary   DNS address 209.171.52.133
Jan  3 20:39:21 titan pppd[8479]: secondary DNS address 66.38.173.67
Jan  3 20:39:36 titan dnsmasq[5133]: reading /var/run/dnsmasq/resolv.conf
Jan  3 20:39:36 titan dnsmasq[5133]: using nameserver 66.38.173.67#53
Jan  3 20:39:36 titan dnsmasq[5133]: using nameserver 209.171.52.133#53
Jan  3 20:39:39 titan fetchmail[8317]: terminated with signal 15 
Jan  3 20:39:40 titan fetchmail[8601]: starting fetchmail 6.3.6 daemon  
Jan  3 20:39:40 titan ntpd[8335]: ntpd exiting on signal 15
Jan  3 20:39:42 titan ntpd[8618]: ntpd 4.2.2p4@1.1585-o Sun Mar  4 13:05:22 UTC 2007 (1)
Jan  3 20:39:42 titan ntpd[8619]: precision = 1.000 usec
Jan  3 20:39:42 titan ntpd[8619]: Listening on interface wildcard, 0.0.0.0#123 Disabled
Jan  3 20:39:42 titan ntpd[8619]: Listening on interface wildcard, ::#123 Disabled
Jan  3 20:39:42 titan ntpd[8619]: Listening on interface lo, ::1#123 Enabled
Jan  3 20:39:42 titan ntpd[8619]: Listening on interface eth1, fe80::217:31ff:fecb:efeb#123 Enabled
Jan  3 20:39:42 titan ntpd[8619]: Listening on interface lo, 127.0.0.1#123 Enabled
Jan  3 20:39:42 titan ntpd[8619]: Listening on interface eth1, 192.168.1.1#123 Enabled
Jan  3 20:39:42 titan ntpd[8619]: Listening on interface ppp0, 209.29.44.23#123 Enabled
Jan  3 20:39:42 titan ntpd[8619]: kernel time sync status 0040
Jan  3 20:39:42 titan ntpd[8619]: frequency initialized -37.629 PPM from /var/lib/ntp/ntp.drift
Jan  3 20:39:48 titan fetchmail[8601]: 2 messages for dtutty at pop.porchlight.ca (7594 octets). 
Jan  3 20:39:51 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 2 (3249 octets) flushed 
Jan  3 20:39:55 titan ntpd[8619]: synchronized to 209.87.233.53, stratum 2
Jan  3 20:39:55 titan ntpd[8619]: kernel time sync enabled 0001
Jan  3 20:39:55 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:2 of 2 (4345 octets) flushed 
Jan  3 20:39:57 titan fetchmail[8601]: sleeping at Thu Jan  3 20:39:57 2008 for 300 seconds 
Jan  3 20:44:57 titan fetchmail[8601]: awakened at Thu Jan  3 20:44:57 2008 
Jan  3 20:44:58 titan fetchmail[8601]: sleeping at Thu Jan  3 20:44:58 2008 for 300 seconds 
Jan  3 20:49:58 titan fetchmail[8601]: awakened at Thu Jan  3 20:49:58 2008 
Jan  3 20:50:07 titan fetchmail[8601]: sleeping at Thu Jan  3 20:50:07 2008 for 300 seconds 
Jan  3 20:55:07 titan fetchmail[8601]: awakened at Thu Jan  3 20:55:07 2008 
Jan  3 20:55:26 titan hddtemp[5467]: /dev/sda: ST380811AS: 25 C
Jan  3 20:55:26 titan hddtemp[5467]: /dev/sdb: ST380811AS: 28 C
Jan  3 20:55:27 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 76 to 75 
Jan  3 20:55:27 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 24 to 25 
Jan  3 20:55:27 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 74 to 73 
Jan  3 20:55:27 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 26 to 27 
Jan  3 20:55:32 titan fetchmail[8601]: sleeping at Thu Jan  3 20:55:32 2008 for 300 seconds 
Jan  3 21:00:32 titan fetchmail[8601]: awakened at Thu Jan  3 21:00:32 2008 
Jan  3 21:00:34 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (5391 octets). 
Jan  3 21:00:35 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (5391 octets) flushed 
Jan  3 21:00:36 titan fetchmail[8601]: sleeping at Thu Jan  3 21:00:36 2008 for 300 seconds 
Jan  3 21:02:18 titan ntpd[8619]: synchronized to 132.246.168.148, stratum 2
Jan  3 21:05:36 titan fetchmail[8601]: awakened at Thu Jan  3 21:05:36 2008 
Jan  3 21:05:37 titan fetchmail[8601]: sleeping at Thu Jan  3 21:05:37 2008 for 300 seconds 
Jan  3 21:10:37 titan fetchmail[8601]: awakened at Thu Jan  3 21:10:37 2008 
Jan  3 21:10:51 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3269 octets). 
Jan  3 21:11:05 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3269 octets) flushed 
Jan  3 21:11:07 titan fetchmail[8601]: sleeping at Thu Jan  3 21:11:07 2008 for 300 seconds 
Jan  3 21:16:07 titan fetchmail[8601]: awakened at Thu Jan  3 21:16:07 2008 
Jan  3 21:16:08 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3486 octets). 
Jan  3 21:16:09 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3486 octets) flushed 
Jan  3 21:16:09 titan fetchmail[8601]: sleeping at Thu Jan  3 21:16:09 2008 for 300 seconds 
Jan  3 21:17:01 titan /USR/SBIN/CRON[8666]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jan  3 21:21:09 titan fetchmail[8601]: awakened at Thu Jan  3 21:21:09 2008 
Jan  3 21:21:13 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4232 octets). 
Jan  3 21:21:16 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4232 octets) flushed 
Jan  3 21:21:17 titan fetchmail[8601]: sleeping at Thu Jan  3 21:21:17 2008 for 300 seconds 
Jan  3 21:23:45 titan ntpd[8619]: synchronized to 209.87.233.53, stratum 2
Jan  3 21:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 75 to 76 
Jan  3 21:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 25 to 24 
Jan  3 21:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 73 to 74 
Jan  3 21:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 27 to 26 
Jan  3 21:25:27 titan hddtemp[5467]: /dev/sda: ST380811AS: 24 C
Jan  3 21:25:27 titan hddtemp[5467]: /dev/sdb: ST380811AS: 26 C
Jan  3 21:26:17 titan fetchmail[8601]: awakened at Thu Jan  3 21:26:17 2008 
Jan  3 21:26:18 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3042 octets). 
Jan  3 21:26:20 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3042 octets) flushed 
Jan  3 21:26:20 titan fetchmail[8601]: sleeping at Thu Jan  3 21:26:20 2008 for 300 seconds 
Jan  3 21:31:20 titan fetchmail[8601]: awakened at Thu Jan  3 21:31:20 2008 
Jan  3 21:31:21 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3695 octets). 
Jan  3 21:31:22 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3695 octets) flushed 
Jan  3 21:31:23 titan fetchmail[8601]: sleeping at Thu Jan  3 21:31:23 2008 for 300 seconds 
Jan  3 21:36:23 titan fetchmail[8601]: awakened at Thu Jan  3 21:36:23 2008 
Jan  3 21:36:24 titan fetchmail[8601]: 2 messages for dtutty at pop.porchlight.ca (8930 octets). 
Jan  3 21:36:25 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 2 (4479 octets) flushed 
Jan  3 21:36:27 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:2 of 2 (4451 octets) flushed 
Jan  3 21:36:27 titan fetchmail[8601]: sleeping at Thu Jan  3 21:36:27 2008 for 300 seconds 
Jan  3 21:41:27 titan fetchmail[8601]: awakened at Thu Jan  3 21:41:27 2008 
Jan  3 21:41:29 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4066 octets). 
Jan  3 21:41:30 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4066 octets) flushed 
Jan  3 21:41:30 titan fetchmail[8601]: sleeping at Thu Jan  3 21:41:30 2008 for 300 seconds 
Jan  3 21:46:30 titan fetchmail[8601]: awakened at Thu Jan  3 21:46:30 2008 
Jan  3 21:46:33 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4832 octets). 
Jan  3 21:46:34 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4832 octets) flushed 
Jan  3 21:46:34 titan fetchmail[8601]: sleeping at Thu Jan  3 21:46:34 2008 for 300 seconds 
Jan  3 21:51:34 titan fetchmail[8601]: awakened at Thu Jan  3 21:51:34 2008 
Jan  3 21:51:55 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4225 octets). 
Jan  3 21:51:57 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4225 octets) flushed 
Jan  3 21:51:57 titan fetchmail[8601]: sleeping at Thu Jan  3 21:51:57 2008 for 300 seconds 
Jan  3 21:53:45 titan ntpd[8619]: synchronized to 132.246.168.148, stratum 2
Jan  3 21:55:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 76 to 75 
Jan  3 21:55:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 24 to 25 
Jan  3 21:55:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 74 to 73 
Jan  3 21:55:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 26 to 27 
Jan  3 21:55:27 titan hddtemp[5467]: /dev/sda: ST380811AS: 25 C
Jan  3 21:55:27 titan hddtemp[5467]: /dev/sdb: ST380811AS: 27 C
Jan  3 21:56:57 titan fetchmail[8601]: awakened at Thu Jan  3 21:56:57 2008 
Jan  3 21:57:08 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (4575 octets). 
Jan  3 21:57:22 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (4575 octets) flushed 
Jan  3 21:57:26 titan fetchmail[8601]: sleeping at Thu Jan  3 21:57:26 2008 for 300 seconds 
Jan  3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0 
Jan  3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0 
Jan  3 22:02:26 titan fetchmail[8601]: awakened at Thu Jan  3 22:02:26 2008 
Jan  3 22:02:34 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (2768 octets). 
Jan  3 22:02:38 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (2768 octets) flushed 
Jan  3 22:02:41 titan fetchmail[8601]: sleeping at Thu Jan  3 22:02:41 2008 for 300 seconds 
Jan  3 22:07:41 titan fetchmail[8601]: awakened at Thu Jan  3 22:07:41 2008 
Jan  3 22:08:03 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3140 octets). 
Jan  3 22:08:09 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3140 octets) flushed 
Jan  3 22:08:13 titan fetchmail[8601]: sleeping at Thu Jan  3 22:08:13 2008 for 300 seconds 
Jan  3 22:13:13 titan fetchmail[8601]: awakened at Thu Jan  3 22:13:13 2008 
Jan  3 22:13:34 titan fetchmail[8601]: 3 messages for dtutty at pop.porchlight.ca (14618 octets). 
Jan  3 22:13:47 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 3 (4619 octets) flushed 
Jan  3 22:14:17 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:2 of 3 (4918 octets) flushed 
Jan  3 22:14:25 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:3 of 3 (5081 octets) flushed 
Jan  3 22:14:30 titan fetchmail[8601]: sleeping at Thu Jan  3 22:14:30 2008 for 300 seconds 
Jan  3 22:17:01 titan /USR/SBIN/CRON[8845]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jan  3 22:19:30 titan fetchmail[8601]: awakened at Thu Jan  3 22:19:30 2008 
Jan  3 22:19:43 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (3459 octets). 
Jan  3 22:20:47 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (3459 octets) flushed 
Jan  3 22:20:55 titan fetchmail[8601]: sleeping at Thu Jan  3 22:20:55 2008 for 300 seconds 
Jan  3 22:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 190 Unknown_Attribute changed from 75 to 76 
Jan  3 22:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 25 to 24 
Jan  3 22:25:26 titan smartd[5514]: Device: /dev/sda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 57 to 56 
Jan  3 22:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 190 Unknown_Attribute changed from 73 to 74 
Jan  3 22:25:26 titan smartd[5514]: Device: /dev/sdb, SMART Usage Attribute: 194 Temperature_Celsius changed from 27 to 26 
Jan  3 22:25:27 titan hddtemp[5467]: /dev/sda: ST380811AS: 24 C
Jan  3 22:25:27 titan hddtemp[5467]: /dev/sdb: ST380811AS: 26 C
Jan  3 22:25:55 titan fetchmail[8601]: awakened at Thu Jan  3 22:25:55 2008 
Jan  3 22:26:05 titan fetchmail[8601]: 1 message for dtutty at pop.porchlight.ca (2438 octets). 
Jan  3 22:26:19 titan fetchmail[8601]: reading message dtutty@smtp.porchlight.ca:1 of 1 (2438 octets) flushed 
Jan  3 22:26:20 titan fetchmail[8601]: sleeping at Thu Jan  3 22:26:20 2008 for 300 seconds 
Jan  3 22:30:02 titan ntpd[8619]: time reset -0.300673 s
Jan  3 22:31:20 titan fetchmail[8601]: awakened at Thu Jan  3 22:31:20 2008 
Jan  3 22:31:22 titan fetchmail[8601]: sleeping at Thu Jan  3 22:31:22 2008 for 300 seconds 
Jan  3 22:32:30 titan ntpd[8619]: synchronized to 209.87.233.53, stratum 2
Jan  3 22:36:22 titan fetchmail[8601]: awakened at Thu Jan  3 22:36:22 2008 
Jan  3 22:36:33 titan fetchmail[8601]: sleeping at Thu Jan  3 22:36:33 2008 for 300 seconds 
Jan  3 22:36:38 titan pppd[8479]: Terminating on signal 15
Jan  3 22:36:38 titan pppd[8479]: Connect time 117.3 minutes.
Jan  3 22:36:38 titan pppd[8479]: Sent 1918538 bytes, received 10885344 bytes.
Jan  3 22:36:38 titan pppd[8479]: Connection terminated.
Jan  3 22:36:39 titan pppd[8479]: Exit.
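
One way to triage entries like the two rejects above, as an added example that is not part of the original post: parse the single-line Shorewall/netfilter records, group them by protocol and destination port, and check that SRC matches the address pppd assigned to the host. The function names `parse_packet` and `summarize` are hypothetical; the sample lines are copied from the syslog segment in the post.

```python
import re
from collections import defaultdict

# Lines copied from the syslog segment above: the pppd address line and the two rejects.
SAMPLE = """\
Jan  3 20:39:21 titan pppd[8479]: local  IP address 209.29.44.23
Jan  3 21:57:26 titan fetchmail[8601]: sleeping at Thu Jan  3 21:57:26 2008 for 300 seconds
Jan  3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
"""

SHOREWALL = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ kernel: Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$")
PPP_LOCAL = re.compile(r"pppd\[\d+\]: local\s+IP address (\S+)")

def parse_packet(rest):
    """Split the netfilter LOG payload into KEY=VALUE fields and bare flags (DF, SYN, ...)."""
    fields, flags = {}, []
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.append(token)
    return fields, flags

def summarize(log_text, chain="fw2net"):
    """Group packets logged on `chain` by (PROTO, DPT) and record what they have in common."""
    local_ips = set()
    groups = defaultdict(lambda: {"dsts": set(), "count": 0, "from_self": True, "syn_only": True})
    for line in log_text.splitlines():
        m = PPP_LOCAL.search(line)
        if m:
            local_ips.add(m.group(1))  # address the host itself holds on ppp0
            continue
        m = SHOREWALL.match(line)
        if not m or m.group("chain") != chain:
            continue
        fields, flags = parse_packet(m.group("rest"))
        g = groups[(fields.get("PROTO"), int(fields.get("DPT", 0)))]
        g["count"] += 1
        g["dsts"].add(fields.get("DST"))
        g["from_self"] &= fields.get("SRC") in local_ips              # sent by this host
        g["syn_only"] &= "SYN" in flags and "ACK" not in flags        # new outbound connection attempt
    return dict(groups)

if __name__ == "__main__":
    for (proto, dpt), g in summarize(SAMPLE).items():
        print(proto, dpt, g["count"], sorted(g["dsts"]), g["from_self"], g["syn_only"])
```

The log record does not name the sending process; that has to be established on the host itself while the traffic recurs.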

