[Dshield] Can someone explain this syslog message?
rick at jaray.net
Thu Oct 30 01:29:50 GMT 2003
David, isn't the DPT=33165 the Data Port? It looks to me like perhaps
someone who has a hotmail account was trying to save an attachment to there.
Just guessing though. And this looks like a nice log/capture. Where'd it
come from, by the way?
> -----Original Message-----
> From: list-bounces at dshield.org
> [mailto:list-bounces at dshield.org] On Behalf Of David C. Hart
> Sent: Wednesday, October 29, 2003 6:19 PM - FamHost
> To: General DShield Discussion List
> Subject: [Dshield] Can someone explain this syslog message?
> I notice quite a few of these today:
> "Oct 29 18:59:53 mail kernel: IN=eth1 OUT=
> SRC=18.104.22.168 DST=151.202.16.167
> LEN=114 TOS=0x00 PREC=0x00 TTL=49 ID=52413 PROTO=TCP SPT=25
> This originates from Hotmail. None of us have hotmail
> accounts but even
> if we did, these are dropped packets so they didn't go to a client
> browser. This isn't incoming mail - the source port is 25. What am I
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
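
The kernel line quoted in this thread is a netfilter LOG entry made of KEY=value fields plus bare TCP flag names. The following is an added example, not part of the original messages: it parses such lines and tallies them by source address and by which side uses port 25. The sample lines are constructed (documentation addresses; DPT=33165 is the value mentioned in the reply), and the function names and labels are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG format quoted in the thread.
# Addresses are documentation ranges; DPT=33165 is the value named in the reply.
SAMPLE = """\
Oct 29 18:59:53 mail kernel: IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=114 TOS=0x00 PREC=0x00 TTL=49 ID=52413 PROTO=TCP SPT=25 DPT=33165 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Oct 29 19:00:10 mail kernel: IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=52420 PROTO=TCP SPT=25 DPT=33165 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Oct 29 19:02:31 mail kernel: IN=eth1 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
HEADER = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\skernel:\s(.*)$")

def parse_line(line):
    """Split one netfilter LOG line into a dict; return None if it is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"time": m.group(1), "host": m.group(2), "flags": set()}
    for token in m.group(3).split():
        if "=" in token:
            key, value = token.split("=", 1)
            rec[key] = value              # "OUT=" yields an empty string
        elif token in FLAGS:
            rec["flags"].add(token)       # bare tokens are TCP flags
    return rec

def direction(rec, service_port=25):
    """Label a TCP packet by which side of the connection uses service_port."""
    if rec.get("PROTO") != "TCP":
        return "other"
    if "SPT" not in rec or "DPT" not in rec:
        return "incomplete"               # line cut off before the port fields
    spt, dpt = int(rec["SPT"]), int(rec["DPT"])
    if spt == service_port and dpt >= 1024:
        return "reply-from-port-25"       # sent by an SMTP listener to a client port
    if dpt == service_port:
        return "to-port-25"               # sent toward an SMTP listener
    return "other"

def summarize(text):
    """Count packets per (source address, direction label)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec.get("SRC", "?"), direction(rec))] += 1
    return counts
```

Running `summarize()` over the firewall's own kernel log shows how many dropped packets each remote address sent from port 25 and which local ports they were aimed at.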