On Thu, Apr 30, 2009 at 2:47 PM, Bob Goodwin <bobgoodwin@xxxxxxxxxxxx> wrote: > This is an updated F-10 desktop computer, my ISP is a satellite service, > wildblue.net who quit providing mail servers and switched to gmail about a > year ago. > > Recently I have been observing a continuous stream of blocked port 25 > connections from this box 192.168.1.9 in the Firestarter log. The normal > SMTP port is 465. They appear to be directed at a google name server > although /etc/resolv.conf shows > > [bobg@box9 ~]$ cat /etc/resolv.conf > nameserver 208.67.220.220 > nameserver 208.67.222.222 > # nameserver 12/189.32.61 > > And I see the following logged: > > /var/log/messages > > Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 > DST=66.249.9 > 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 > WINDOW= > 5840 RES=0x00 SYN URGP=0 > Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 > DST=66.249.9 > 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 > WINDOW= > 5840 RES=0x00 SYN URGP=0 > > > Whois shows: > > NetRange: 209.85.128.0 - 209.85.255.255 > CIDR: 209.85.128.0/17 > NetName: GOOGLE > NetHandle: NET-209-85-128-0-1 > Parent: NET-209-0-0-0-0 > NetType: Direct Allocation > NameServer: NS1.GOOGLE.COM > NameServer: NS2.GOOGLE.COM > NameServer: NS3.GOOGLE.COM > NameServer: NS4.GOOGLE.COM > > > > Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 > DST=66.249.9 > 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 > WINDOW= > 5840 RES=0x00 SYN URGP=0 > Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 > DST=66.249.9 > 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 > WINDOW= > 5840 RES=0x00 SYN URGP=0 > Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 > DST=66.249.9 > 3.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 > WINDOW= > 5840 RES=0x00 SYN URGP=0 > > > NetRange: 66.249.64.0 - 66.249.95.255 > CIDR: 66.249.64.0/19 > NetName: GOOGLE > NetHandle: NET-66-249-64-0-1 > Parent: NET-66-0-0-0-0 > NetType: Direct Allocation > NameServer: NS1.GOOGLE.COM > NameServer: NS2.GOOGLE.COM > NameServer: NS3.GOOGLE.COM > NameServer: NS4.GOOGLE.COM > > I guess it's not hurting anything but I would feel better if I didn't see > all this activity apparently going nowhere. I don't know how to find what's > causing it, at least I haven't found it yet. > > Any suggestions? > > Bob > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines > Check if sendmail is trying to send something, it uses port 25 to send, and i don't think google is going to accept it without authentication. -- We live in an age when pizza gets to your home before the police. - Jeff Marder ------------------------------------------ Allan Swanepoel allanice001@xxxxxxxxx allanice.001@xxxxxxxx dragonmaster@xxxxxxxxxxxxx +27 84 507 8492 Linux User #452990 Linux Machine #360914 ----------------------------------------------- IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the yorkshire terrier next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft: However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
