[SunRescue] OT (?) - Strange NAT logging
David Rouse
rescue at sunhelp.org
Fri Mar 30 14:19:43 CST 2001
This is a bit off-topic even for Rescue, but I value you guys' experience.
At work we use incoming and outgoing packet filter sets for our DMZ (the
fiilters cover the WAN port) and NAT for our internal computers. Lately I've
been getting odd entries on our outbound filters:
Mar 30 15:01:15 gateway1 IP FILTER: 'News-Argus OUT' rule# 12: deny:
src=xx.xx.xx.62(1024) dst=202.98.123.68(23) proto=6
The xx.xx.xx.62 is one of our NAT addresses. The outside address belongs to
some Chinese computer.
Thinking that one of our internal computers was for some reason trying to
connect to that CN box, I put a logging filter on port 23 on the inbound
side of the ethernet port that attaches to our internal network. I tested
the filter and it does log port 23 connections from inside, but none of the
CN stuff does. It's as if the router itself, using one of the NAT addresses,
is trying to connect to the CN box.
Anyone have an idea of what this might mean, I've looked around but this
doesn't seem to be covered anywhere. Also, if you guys have a better idea of
a forum to bring this up in, please let me know.
Thanks.
--
drouse
--
David Rouse * Our World - Your World - RouseWorld
david at rouseworld.org * www.rouseworld.org
More information about the rescue
mailing list