Blocked port 25 activity -
Allan Swanepoel
allanice001 at gmail.com
Thu Apr 30 13:42:46 UTC 2009
On Thu, Apr 30, 2009 at 2:47 PM, Bob Goodwin <bobgoodwin at wildblue.net> wrote:
> This is an updated F-10 desktop computer, my ISP is a satellite service,
> wildblue.net who quit providing mail servers and switched to gmail about a
> year ago.
>
> Recently I have been observing a continuous stream of blocked port 25
> connections from this box 192.168.1.9 in the Firestarter log. The normal
> SMTP port is 465. They appear to be directed at a google name server
> although /etc/resolv.conf shows
>
> [bobg at box9 ~]$ cat /etc/resolv.conf
> nameserver 208.67.220.220
> nameserver 208.67.222.222
> # nameserver 12/189.32.61
>
> And I see the following logged:
>
> /var/log/messages
>
> Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
>
>
> Whois shows:
>
> NetRange: 209.85.128.0 - 209.85.255.255
> CIDR: 209.85.128.0/17
> NetName: GOOGLE
> NetHandle: NET-209-85-128-0-1
> Parent: NET-209-0-0-0-0
> NetType: Direct Allocation
> NameServer: NS1.GOOGLE.COM
> NameServer: NS2.GOOGLE.COM
> NameServer: NS3.GOOGLE.COM
> NameServer: NS4.GOOGLE.COM
>
>
>
> Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
>
>
> NetRange: 66.249.64.0 - 66.249.95.255
> CIDR: 66.249.64.0/19
> NetName: GOOGLE
> NetHandle: NET-66-249-64-0-1
> Parent: NET-66-0-0-0-0
> NetType: Direct Allocation
> NameServer: NS1.GOOGLE.COM
> NameServer: NS2.GOOGLE.COM
> NameServer: NS3.GOOGLE.COM
> NameServer: NS4.GOOGLE.COM
>
> I guess it's not hurting anything but I would feel better if I didn't see
> all this activity apparently going nowhere. I don't know how to find what's
> causing it, at least I haven't found it yet.
>
> Any suggestions?
>
> Bob
>
Check if sendmail is trying to send something. It uses port 25 to
send, and I don't think Google is going to accept it without
authentication.
--
We live in an age when pizza gets to your home before the police.
- Jeff Marder
------------------------------------------
Allan Swanepoel
allanice001 at gmail.com
allanice.001 at unix.net
dragonmaster at linaccess.com
+27 84 507 8492
Linux User #452990
Linux Machine #360914
-----------------------------------------------
IMPORTANT: This email is intended for the use of the individual
addressee(s) named above and may contain information that is
confidential, privileged or unsuitable for overly sensitive
persons with low self-esteem, no sense of humour or irrational
religious beliefs. If you are not the intended recipient, any
dissemination, distribution or copying of this email is not
authorised (either explicitly or implicitly) and constitutes an
irritating social faux pas. Unless the word absquatulation has been
used in its correct context somewhere other than in this warning,
it does not have any legal or grammatical use and may be ignored. No
animals were harmed in the transmission of this email, although
the yorkshire terrier next door is living on borrowed time, let me
tell you. Those of you with an overwhelming fear of the unknown will
be gratified to learn that there is no hidden message revealed by
reading this warning backwards, so just ignore that Alert Notice
from Microsoft: However, by pouring a complete circle of salt around
yourself and your computer you can ensure that no harm befalls
you and your pets.
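
An added example, not part of the original thread: a Python sketch that groups the blocked port 25 SYNs from the post into connection attempts, using the quoted log lines rejoined onto single lines. The function names and the year 2009 (taken from the message date, since syslog omits the year) are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines from the post, rejoined onto single lines.
SAMPLE_LOG = """\
Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line, year):
    """Parse one netfilter LOG line into a dict of KEY=value fields, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m["rest"]))
    fields["ts"] = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    fields["flags"] = set(re.findall(r"\b(SYN|ACK|FIN|RST|PSH)\b", m["rest"]))
    return fields

def smtp_attempts(log_text, port=25, year=2009):
    """Group pure SYNs to `port`; a retransmitted SYN reuses its source port."""
    attempts = {}
    for line in log_text.splitlines():
        f = parse_line(line, year)
        if not f or f.get("PROTO") != "TCP" or f.get("DPT") != str(port) or f["flags"] != {"SYN"}:
            continue
        a = attempts.setdefault((f["DST"], f["SPT"]),
                                {"dst": f["DST"], "spt": int(f["SPT"]), "first": f["ts"], "syns": 0})
        a["syns"] += 1
    return list(attempts.values())

def burst_starts(attempts, window=60):
    """Start time of each burst: attempts more than `window` seconds after the previous one."""
    starts, last = [], None
    for a in attempts:
        if last is None or (a["first"] - last).total_seconds() > window:
            starts.append(a["first"])
        last = a["first"]
    return starts

if __name__ == "__main__":
    for a in smtp_attempts(SAMPLE_LOG):
        print(a["first"], a["dst"], "spt", a["spt"], "SYNs", a["syns"])
    print("bursts:", [t.strftime("%H:%M:%S") for t in burst_starts(smtp_attempts(SAMPLE_LOG))])
```

On these lines it reports three connection attempts in two bursts about an hour apart, a timer-driven pattern that fits a local mail daemon retrying queued mail, which is what the reply suggests checking.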