On Tue, 2002-11-12 at 00:54, Steffen Dettmer wrote:
* Ray Leach wrote on Mon, Nov 11, 2002 at 11:04 +0200:
Can anyone explain how it is possible that a machine can 'respond' to SMTP traffic that it didn't create.
DF PROTO=TCP SPT=25 DPT=4284 WINDOW=0 RES=0x00 ACK RST URGP=0
This is from my logs. This particular machine does not even have an SMTP service/daemon running on it.
The kernel sends an RST packet to inform the "client" that there is no such service. The client should get a "connection refused".
It is a web server and my iptables rules do not allow incoming SMTP (DPT: 25) to this machine.
Are you sure that no SMTP packet at all can reach your server? Then I would wonder why there are RST packets on the wire...
Yup, here's the rule for that server:
$IPTABLES -A INPUT -i $IFACE_INET -p tcp --dport 25 -d $IP_INET_WEB1 -j REJECT --reject-with tcp-reset
oki,
Steffen
-- This message was generated by machine and therefore bears neither signature nor seal. --
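An added example, not part of the original thread: a rule ending in `-j REJECT --reject-with tcp-reset` makes netfilter itself answer a rejected SYN with an RST/ACK sent from the port that was probed, which is how a logged packet can carry SPT=25 on a host with no SMTP daemon. The Python sketch below pairs such outbound resets with the inbound SYN they answer; the addresses, interface name and the inbound SYN line are constructed, and it assumes inbound attempts are logged as well.

```python
import re

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

# Constructed sample lines (documentation addresses); only the tail of the
# second line, from "DF PROTO=TCP", is taken from the log quoted in the thread.
SAMPLE = [
    "IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 DF "
    "PROTO=TCP SPT=4284 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0",
    "IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TTL=64 ID=0 DF "
    "PROTO=TCP SPT=25 DPT=4284 WINDOW=0 RES=0x00 ACK RST URGP=0",
]

def parse(line):
    """Return (fields, flags) for one netfilter LOG line."""
    fields = dict(FIELD_RE.findall(line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields, flags

def flow(fields):
    """The TCP 4-tuple as (src, sport, dst, dport)."""
    return (fields["SRC"], fields["SPT"], fields["DST"], fields["DPT"])

def match_resets(lines):
    """Pair each logged RST with the logged SYN it answers.

    Returns a list of (reset_flow, answered_syn_flow or None).
    """
    syns, result = set(), []
    for line in lines:
        fields, flags = parse(line)
        if fields.get("PROTO") != "TCP":
            continue
        if flags == {"SYN"}:
            syns.add(flow(fields))
        elif "RST" in flags:
            src, sport, dst, dport = flow(fields)
            request = (dst, dport, src, sport)  # same flow, opposite direction
            result.append((flow(fields), request if request in syns else None))
    return result

if __name__ == "__main__":
    for reset, syn in match_resets(SAMPLE):
        print(reset, "answers" if syn else "has no logged SYN", syn or "")
```

A reset that comes back with no matching SYN only means the inbound attempt was not logged, not that none arrived.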