[NTLUG:Discuss] Is this an attack?
Neil Aggarwal
neil at JAMMConsulting.com
Mon May 27 18:46:47 CDT 2002
Hello:
I am seeing many messages like this in my /var/log/messages file:
May 27 15:37:13 server2 kernel: IN= OUT=eth0 SRC=[My Server IP]
DST=62.254.128.6 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=32512 DF PROTO=TCP
SPT=80 DPT=58768 WINDOW=7574 RES=0x00 ACK URGP=0
This looks like a response from apache on my server, but I do have these
firewall
rules set-up:
# Allow http connections
/sbin/iptables -A INPUT -i eth0 -d $MY_IP -p tcp --dport www -m
state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -s $MY_IP -p tcp --sport www -m
state --state ESTABLISHED -j ACCEPT
And I can connect to the apache server on my machine.
Does anyone know what these messages are?
Is it attack?
Thanks,
Neil.
--
Neil Aggarwal
JAMM Consulting, Inc. (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development Websites, Ecommerce, Java, databases
More information about the Discuss
mailing list