[SunRescue] OT (?) - Strange NAT logging
Kevin Loch
rescue at sunhelp.org
Fri Mar 30 14:39:24 CST 2001
what does netstat -a show?
KL
David Rouse wrote:
>
> This is a bit off-topic even for Rescue, but I value you guys' experience.
>
> At work we use incoming and outgoing packet filter sets for our DMZ (the
> fiilters cover the WAN port) and NAT for our internal computers. Lately I've
> been getting odd entries on our outbound filters:
>
> Mar 30 15:01:15 gateway1 IP FILTER: 'News-Argus OUT' rule# 12: deny:
> src=xx.xx.xx.62(1024) dst=202.98.123.68(23) proto=6
>
> The xx.xx.xx.62 is one of our NAT addresses. The outside address belongs to
> some Chinese computer.
>
> Thinking that one of our internal computers was for some reason trying to
> connect to that CN box, I put a logging filter on port 23 on the inbound
> side of the ethernet port that attaches to our internal network. I tested
> the filter and it does log port 23 connections from inside, but none of the
> CN stuff does. It's as if the router itself, using one of the NAT addresses,
> is trying to connect to the CN box.
>
> Anyone have an idea of what this might mean, I've looked around but this
> doesn't seem to be covered anywhere. Also, if you guys have a better idea of
> a forum to bring this up in, please let me know.
>
> Thanks.
>
> --
> drouse
> --
> David Rouse * Our World - Your World - RouseWorld
> david at rouseworld.org * www.rouseworld.org
>
> _______________________________________________
> rescue maillist - rescue at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/rescue
More information about the rescue
mailing list