[Dshield] Can someone explain this syslog message?

Rick Klinge rick at jaray.net
Thu Oct 30 01:29:50 GMT 2003

David isn't the DPT=33165 the Data Port?  It looks like to me that perhaps
someone has a hotmail account is was trying to save an attachment to there

Just guessing though.. And this look like a nice log/capture.  Where'd it
come from by the way?



> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of David C. Hart
> Sent: Wednesday, October 29, 2003 6:19 PM - FamHost
> To: General DShield Discussion List
> Subject: [Dshield] Can someone explain this syslog message?
> I notice quite a few of these today:
> "Oct 29 18:59:53 mail kernel: IN=eth1 OUT=
> MAC=00:09:5b:22:29:d1:00:06:25:e4:ed:a3:08:00 
> SRC= DST=151.
> 202.16.167 LEN=114 TOS=0x00 PREC=0x00 TTL=49 ID=52413 PROTO=TCP SPT=25
> DPT=33165"
> This originates from Hotmail. None of us have hotmail 
> accounts but even
> if we did, these are dropped packets so they didn't go to a client
> browser. This isn't incoming mail - the source port is 25. What am I
> missing?

Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.

More information about the list mailing list