Blocked port 25 activity -

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is an updated F-10 desktop computer, my ISP is a satellite service, wildblue.net who quit providing mail servers and switched to gmail about a year ago.
Recently I have been observing a continuous stream of blocked port 25 connections from this box 192.168.1.9 in the Firestarter log. The normal SMTP port is 465. They appear to be directed at a google name server although /etc/resolv.conf shows 

   [bobg@box9 ~]$ cat /etc/resolv.conf
   nameserver 208.67.220.220
   nameserver 208.67.222.222
   # nameserver 12/189.32.61

And I see the following logged:

/var/log/messages
Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.9 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW= 
5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.9 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW= 
5840 RES=0x00 SYN URGP=0


Whois shows:

NetRange:   209.85.128.0 - 209.85.255.255
CIDR:       209.85.128.0/17
NetName:    GOOGLE
NetHandle:  NET-209-85-128-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.9 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW= 
5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.9 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW= 
5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.9 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW= 
5840 RES=0x00 SYN URGP=0


NetRange:   66.249.64.0 - 66.249.95.255
CIDR:       66.249.64.0/19
NetName:    GOOGLE
NetHandle:  NET-66-249-64-0-1
Parent:     NET-66-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
I guess it's not hurting anything but I would feel better if I didn't see all this activity apparently going nowhere. I don't know how to find what's causing it, at least I haven't found it yet. 

Any suggestions?

Bob

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux