LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-07-2005, 08:37 PM   #1
xathras
LQ Newbie
 
Registered: Jun 2004
Posts: 25

Rep: Reputation: 15
Abnormal traffic?


Can anyone explain this traffic for me?

this is an abstract from /var/log/messages

May 8 01:23:24 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=68.47.72.139 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=106 ID=54014 DF PROTO=TCP SPT=1873 DPT=7648 WINDOW=16384 RES=0x00 SYN URGP=0
May 8 01:23:27 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=68.47.72.139 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=106 ID=54076 DF PROTO=TCP SPT=1873 DPT=7648 WINDOW=16384 RES=0x00 SYN URGP=0
May 8 01:23:33 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=68.47.72.139 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=106 ID=54276 DF PROTO=TCP SPT=1873 DPT=7648 WINDOW=16384 RES=0x00 SYN URGP=0
May 8 01:25:17 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=201.9.10.223 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=49235 DF PROTO=TCP SPT=3714 DPT=16872 WINDOW=64800 RES=0x00 SYN URGP=0
May 8 01:25:20 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=201.9.10.223 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=49277 DF PROTO=TCP SPT=3714 DPT=16872 WINDOW=64800 RES=0x00 SYN URGP=0
May 8 01:25:26 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=201.9.10.223 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=49386 DF PROTO=TCP SPT=3714 DPT=16872 WINDOW=64800 RES=0x00 SYN URGP=0
May 8 01:26:03 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=69.39.81.71 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=16437 DF PROTO=TCP SPT=3984 DPT=7648 WINDOW=8760 RES=0x00 SYN URGP=0
May 8 01:26:06 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=69.39.81.71 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=16655 DF PROTO=TCP SPT=3984 DPT=7648 WINDOW=8760 RES=0x00 SYN URGP=0
May 8 01:26:12 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=69.39.81.71 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=17228 DF PROTO=TCP SPT=3984 DPT=7648 WINDOW=8760 RES=0x00 SYN URGP=0
May 8 01:26:23 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=201.3.18.149 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=109 ID=37881 PROTO=TCP SPT=2085 DPT=7648 WINDOW=65535 RES=0x00 SYN URGP=0
May 8 01:26:26 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=201.3.18.149 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=109 ID=38072 PROTO=TCP SPT=2085 DPT=7648 WINDOW=65535 RES=0x00 SYN URGP=0
May 8 01:26:32 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=201.3.18.149 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=109 ID=38406 PROTO=TCP SPT=2085 DPT=7648 WINDOW=65535 RES=0x00 SYN URGP=0
May 8 01:26:50 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=81.99.157.75 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=119 ID=46114 DF PROTO=TCP SPT=4485 DPT=16872 WINDOW=64240 RES=0x00 SYN URGP=0
May 8 01:26:53 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=81.99.157.75 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=119 ID=46264 DF PROTO=TCP SPT=4485 DPT=16872 WINDOW=64240 RES=0x00 SYN URGP=0
May 8 01:28:13 myserver kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:04:e2:08:6e:c1:00:0c:41:b2:30:3e:08:00 SRC=66.91.60.64 DST=192.168.1.100 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=44274 DF PROTO=TCP SPT=1284 DPT=7648 WINDOW=16384 RES=0x00 SYN URGP=0
 
Old 05-07-2005, 09:53 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
well, TCP port 7648 is used by CU-SeeMe from what i can gather (google)...

so it looks like your firewall has blocked CU-SeeMe connections from being initiated...
 
Old 05-07-2005, 10:55 PM   #3
xathras
LQ Newbie
 
Registered: Jun 2004
Posts: 25

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by win32sux
well, TCP port 7648 is used by CU-SeeMe from what i can gather (google)...

so it looks like your firewall has blocked CU-SeeMe connections from being initiated...
i'm sorry i am unaware of what CU-SeeMe is

I have just done a default install of centOS 3.4 and updated system, installed apache, mysql, apf, bfd, configured ssh for protocol 2 only and blocking root logins via ssh and thats about it.

Traffic was unexpected.
 
Old 05-08-2005, 03:24 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
It's videoconferencing software. If it was unexpected then well... good that it was blocked. You just need to remember that you may need to unblock it in the future (if you decide to use it).
 
Old 05-08-2005, 05:13 PM   #5
xathras
LQ Newbie
 
Registered: Jun 2004
Posts: 25

Original Poster
Rep: Reputation: 15
thanks for the help.

Glad I had my firewall configured, that was the only abnormal traffic I was getting, I had checked all my logs etc and there was no missing information or log-in attempts etc.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Traffic shaping (limiting outgoing bandwidth of all TCP-traffic except FTP/HTTP) ffkodd Linux - Networking 3 10-25-2008 01:09 AM
Abnormal font sizes... Nazxul Linux - Software 3 02-06-2005 02:28 PM
installation exit abnormal !!!! meshmesh Linux - General 3 01-27-2004 01:22 PM
Mozilla abnormal exit msteph_hacker Linux - Software 6 11-01-2002 09:26 AM
linux more fragile to abnormal shutdown? nutshell Linux - General 23 03-10-2002 06:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration