Blocked port 25 activity

Allan Swanepoel allanice001 at gmail.com
Thu Apr 30 13:42:46 UTC 2009


On Thu, Apr 30, 2009 at 2:47 PM, Bob Goodwin <bobgoodwin at wildblue.net> wrote:
> This is an updated F-10 desktop computer, my ISP is a satellite service,
> wildblue.net who quit providing mail servers and switched to gmail about a
> year ago.
>
> Recently I have been observing a continuous stream of blocked port 25
> connections from this box 192.168.1.9 in the Firestarter log. The normal
> SMTP port is 465. They appear to be directed at a google name server
> although /etc/resolv.conf shows
>
>   [bobg at box9 ~]$ cat /etc/resolv.conf
>   nameserver 208.67.220.220
>   nameserver 208.67.222.222
>   # nameserver 12/189.32.61
>
> And I see the following logged:
>
> /var/log/messages
>
> Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
>
>
> Whois shows:
>
> NetRange:   209.85.128.0 - 209.85.255.255
> CIDR:       209.85.128.0/17
> NetName:    GOOGLE
> NetHandle:  NET-209-85-128-0-1
> Parent:     NET-209-0-0-0-0
> NetType:    Direct Allocation
> NameServer: NS1.GOOGLE.COM
> NameServer: NS2.GOOGLE.COM
> NameServer: NS3.GOOGLE.COM
> NameServer: NS4.GOOGLE.COM
>
>
>
> Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
>
>
> NetRange:   66.249.64.0 - 66.249.95.255
> CIDR:       66.249.64.0/19
> NetName:    GOOGLE
> NetHandle:  NET-66-249-64-0-1
> Parent:     NET-66-0-0-0-0
> NetType:    Direct Allocation
> NameServer: NS1.GOOGLE.COM
> NameServer: NS2.GOOGLE.COM
> NameServer: NS3.GOOGLE.COM
> NameServer: NS4.GOOGLE.COM
>
> I guess it's not hurting anything but I would feel better if I didn't see
> all this activity apparently going nowhere. I don't know how to find what's
> causing it, at least I haven't found it yet.
>
> Any suggestions?
>
> Bob
>

Check if sendmail is trying to send something. It uses port 25 to
send, and I don't think Google is going to accept it without
authentication.




-- 
We live in an age when pizza gets to your home before the police.
  - Jeff Marder
------------------------------------------
Allan Swanepoel
allanice001 at gmail.com
allanice.001 at unix.net
dragonmaster at linaccess.com
+27 84 507 8492
Linux User #452990
Linux Machine #360914
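An added example, not part of the original thread: a Python sketch that groups the blocked port 25 SYNs from the quoted Firestarter log into connection attempts and measures the time between bursts, which helps tell a scheduled local sender (such as the mail queue the reply points at) from random traffic. The sample is the quoted log with each entry rejoined onto one line; the function names and the year 2009 (taken from the message date) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the five log entries quoted above, each rejoined onto one line.
SAMPLE_LOG = """\
Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

KV = re.compile(r"(\w+)=(\S*)")
STAMP = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)")

def parse_line(line, year=2009):
    """Fields of one netfilter log line, or None. Syslog omits the year; 2009 is assumed."""
    m = STAMP.match(line)
    if not m or "DPT=" not in line:
        return None
    rec = dict(KV.findall(line))
    rec["time"] = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    rec["syn"] = " SYN " in line
    return rec

def smtp_attempts(log_text, port="25"):
    """Group blocked SYNs to `port`; same SRC/DST/SPT means retransmits of one connect()."""
    attempts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("DPT") != port or not rec["syn"]:
            continue
        key = (rec["SRC"], rec["DST"], rec["SPT"])
        a = attempts.setdefault(key, {"dst": rec["DST"], "first": rec["time"], "syns": 0})
        a["syns"] += 1
    return sorted(attempts.values(), key=lambda a: a["first"])

def burst_gaps(attempts, window=60):
    """Seconds between bursts; attempts within `window` seconds of a burst start join it."""
    starts = []
    for a in attempts:
        if not starts or (a["first"] - starts[-1]).total_seconds() > window:
            starts.append(a["first"])
    return [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    found = smtp_attempts(SAMPLE_LOG)
    print([(str(a["first"]), a["dst"], a["syns"]) for a in found])
    print("seconds between bursts:", burst_gaps(found))
```

On the quoted entries this reports three connection attempts to one destination, about an hour apart. A steady gap like that is consistent with a scheduled job, and looking at the local mail queue (for example with `mailq`) is one way to follow the reply's suggestion.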



