Re: strange Shorewall entry
On Fri, Jan 04, 2008 at 10:29:38AM -0500, Chris Howie wrote:
> On Jan 4, 2008 10:16 AM, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
>
> > I found this in my log today:
> >
> > Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
> > IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.185.144
> > LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27582 DF
> > PROTO=TCP SPT=38111 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
> > Jan 3 21:58:05 titan kernel: Shorewall:fw2net:REJECT:
> > IN= OUT=ppp0 SRC=209.29.44.23 DST=16.100.184.142
> > LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27569 DF
> > PROTO=TCP SPT=47263 DPT=8030 WINDOW=5840 RES=0x00 SYN URGP=0
> -----8<-----
> ;; AUTHORITY SECTION:
> 185.100.16.in-addr.arpa. 14400 IN NS ns4.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns3.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns1.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns2.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns6.hp.com.
> 185.100.16.in-addr.arpa. 14400 IN NS ns5.hp.com.
>
> ;; ADDITIONAL SECTION:
> ns4.hp.com. 4974 IN A 15.203.224.14
> ns2.hp.com. 4973 IN A 15.219.160.12
> ns6.hp.com. 4973 IN A 15.195.208.12
> Maybe their download server runs on an alternate port? (Though I cannot
> seem to telnet to this server on 8030 or 80.)
Well, I feel a little better seing as its related to HP, but why was it
fw2net?
I don't know how the internals of browsers work and the download did
complete just fine. Since I was on HP's site, I didn't stop andd read
what the link targets were with each download. Can a link point to a
port number and not just a URL and have the browser request a file from
a specific port (i.e. not 80 for http or whatever it is for ftp)?
If this all seems kosher, then I'll forget about it.
Thanks,
Doug.
Reply to: