[Dshield] Can someone explain this syslog message?

Johannes Ullrich jullrich at euclidian.com
Thu Oct 30 04:24:35 GMT 2003


Could it be that you are sending mail to a hotmail account?
Are you running your own mail server which delivers directly
(instead of via some ISP mail server)?

It could be that the connection timed out in your firewall.
Or, that someone spoofed your IP and you see 'backscatter'.


> "Oct 29 18:59:53 mail kernel: IN=eth1 OUT=
> MAC=00:09:5b:22:29:d1:00:06:25:e4:ed:a3:08:00 SRC=65.54.167.14
> DST=151.202.16.167 LEN=114 TOS=0x00 PREC=0x00 TTL=49 ID=52413 PROTO=TCP SPT=25
> DPT=33165"
> 
> This originates from Hotmail. None of us have hotmail accounts but even
> if we did, these are dropped packets so they didn't go to a client
> browser. This isn't incoming mail - the source port is 25. What am I
> missing?
> 
-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------
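
An added example, not part of the original message: a small triage of the quoted netfilter LOG line that checks whether a dropped packet travels from a service port to an ephemeral port and whether its size forces it to carry data. The labels, the `classify` function and the 20-byte IPv4 header (no IP options) are assumptions of this example; the result is a heuristic for choosing between the two explanations above, not a verdict.

```python
import re

# Log line quoted in the message above, rejoined onto one line.
SAMPLE = ("Oct 29 18:59:53 mail kernel: IN=eth1 OUT= "
          "MAC=00:09:5b:22:29:d1:00:06:25:e4:ed:a3:08:00 SRC=65.54.167.14 "
          "DST=151.202.16.167 LEN=114 TOS=0x00 PREC=0x00 TTL=49 ID=52413 "
          "PROTO=TCP SPT=25 DPT=33165")

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
WELL_KNOWN_MAX = 1023   # ports 0-1023 are the well-known service ports
MAX_HEADERS = 20 + 60   # assumed: IPv4 header without options + largest TCP header


def parse(line):
    """Return the KEY=value pairs of a netfilter LOG line as a dict."""
    return dict(FIELD.findall(line))


def classify(line):
    """Label a logged TCP packet by direction and by whether it must carry data."""
    f = parse(line)
    if f.get("PROTO") != "TCP" or "SPT" not in f or "DPT" not in f:
        return "not-tcp"
    spt, dpt, length = int(f["SPT"]), int(f["DPT"]), int(f.get("LEN", 0))
    # A reply from a server comes FROM the service port TO a high client port.
    if not (spt <= WELL_KNOWN_MAX < dpt):
        return "not-a-service-reply"
    # LEN is the IP total length; anything above the largest possible
    # header pair has to contain TCP payload (e.g. an SMTP response).
    if length > MAX_HEADERS:
        return "service-reply-with-data"
    # Header-sized replies (SYN-ACK, RST, bare ACK) are what a server sends
    # when answering a SYN, including a SYN with a spoofed source address.
    return "service-reply-headers-only"


if __name__ == "__main__":
    print(classify(SAMPLE))
```

A `service-reply-with-data` result means the remote server believed it had an established session, which fits a connection whose firewall state expired; `service-reply-headers-only` is the size that SYN-ACK or RST backscatter would have.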