
Blocked port 25 activity -



This is an updated F-10 desktop computer. My ISP is a satellite service, wildblue.net, which quit providing mail servers and switched to Gmail about a year ago.

Recently I have been observing a continuous stream of blocked port 25 connections from this box 192.168.1.9 in the Firestarter log. The normal SMTP port is 465. They appear to be directed at a Google name server, although /etc/resolv.conf shows:

   [bobg box9 ~]$ cat /etc/resolv.conf
   nameserver 208.67.220.220
   nameserver 208.67.222.222
   # nameserver 12/189.32.61

And I see the following logged:

/var/log/messages

Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0


Whois shows:

NetRange:   209.85.128.0 - 209.85.255.255
CIDR:       209.85.128.0/17
NetName:    GOOGLE
NetHandle:  NET-209-85-128-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM



Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0


NetRange:   66.249.64.0 - 66.249.95.255
CIDR:       66.249.64.0/19
NetName:    GOOGLE
NetHandle:  NET-66-249-64-0-1
Parent:     NET-66-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM

I guess it's not hurting anything, but I would feel better if I didn't see all this activity apparently going nowhere. I don't know how to find what's causing it; at least I haven't found it yet.

Any suggestions?

Bob
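
One way to summarise the log lines quoted in the post above, as an added example that is not part of the original message: it collapses kernel SYN retransmits (same SRC/DST/SPT/DPT) into single connection attempts and measures the spacing between bursts, since a regular interval points at a scheduled job or a mail queue retry timer rather than interactive use. The sample lines are the post's own with the wrapped lines rejoined; the year, the function names and the gap thresholds are assumptions.

```python
import re
from datetime import datetime

# Log lines taken from the post, with the wrapped lines rejoined.
SAMPLE = """\
Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\s+Outbound\s+(?P<rest>.*)$")

def attempts(lines, year=2000, max_retx_gap=120):
    """Group blocked outbound SYNs into connection attempts, in log order.

    syslog timestamps carry no year, so `year` is an assumed placeholder.
    A SYN with a known 4-tuple seen more than max_retx_gap seconds after the
    last one is treated as a new attempt (source port reuse), not a retransmit.
    """
    out, latest = [], {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a Firestarter "Outbound" kernel line
        tokens = m["rest"].split()
        kv = dict(t.split("=", 1) for t in tokens if "=" in t)
        if kv.get("PROTO") != "TCP" or "SYN" not in tokens or "ACK" in tokens:
            continue  # only initial SYNs mark a new outbound connect()
        key = (kv["SRC"], kv["DST"], int(kv["SPT"]), int(kv["DPT"]))
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        a = latest.get(key)
        if a is None or (ts - a["last"]).total_seconds() > max_retx_gap:
            a = latest[key] = {"key": key, "first": ts, "last": ts, "syns": 0}
            out.append(a)
        a["last"] = ts
        a["syns"] += 1
    return out

def burst_intervals(atts, burst_gap=60):
    """Seconds between bursts; attempts starting within burst_gap of a burst start join it."""
    starts = []
    for a in atts:
        if not starts or (a["first"] - starts[-1]).total_seconds() > burst_gap:
            starts.append(a["first"])
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    atts = attempts(SAMPLE.splitlines())
    for a in atts:
        print(a["first"].strftime("%b %d %H:%M:%S"), a["key"], "SYNs:", a["syns"])
    print("seconds between bursts:", burst_intervals(atts))
```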

