[Dshield] Can someone explain this syslog message?

Rick Klinge rick at jaray.net
Thu Oct 30 01:29:50 GMT 2003


David, isn't the DPT=33165 the data port?  It looks to me like perhaps
someone who has a Hotmail account was trying to save an attachment to their
local?

Just guessing though... And this looks like a nice log/capture.  Where'd it
come from, by the way?

Thanks,

~Rick

> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of David C. Hart
> Sent: Wednesday, October 29, 2003 6:19 PM - FamHost
> To: General DShield Discussion List
> Subject: [Dshield] Can someone explain this syslog message?
> 
> 
> I notice quite a few of these today:
> 
> "Oct 29 18:59:53 mail kernel: IN=eth1 OUT=
> MAC=00:09:5b:22:29:d1:00:06:25:e4:ed:a3:08:00
> SRC=65.54.167.14 DST=151.202.16.167 LEN=114 TOS=0x00 PREC=0x00 TTL=49
> ID=52413 PROTO=TCP SPT=25 DPT=33165"
> 
> This originates from Hotmail. None of us have hotmail accounts but even
> if we did, these are dropped packets so they didn't go to a client
> browser. This isn't incoming mail - the source port is 25. What am I
> missing?
> 
