Curious iptables log messages

Eric "Shubes" plug at shubes.net
Mon Sep 25 19:13:11 MST 2006


I just noticed some log messages from iptables on my workstation that I find 
curious (my iptables logs all dropped packets):

Sep 25 18:46:55 helen kernel: IN=eth0 OUT= 
MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:00 SRC=192.168.21.11 
DST=192.168.20.31 LEN=308 TOS=0x10 PREC=0x00 TTL=63 ID=40237 DF PROTO=TCP 
SPT=22 DPT=57702 WINDOW=2160 RES=0x00 ACK PSH URGP=0

Sep 25 18:47:55 helen kernel: IN=eth0 OUT= 
MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:00 SRC=192.168.21.11 
DST=192.168.20.31 LEN=340 TOS=0x10 PREC=0x00 TTL=63 ID=47853 DF PROTO=TCP 
SPT=22 DPT=45764 WINDOW=2160 RES=0x00 ACK PSH URGP=0

The messages began at 18:33, repeated a number of times through 18:47, and 
seem to have stopped.

Both of these addresses are behind an IPCop firewall.
192.168.20.31 is my workstation, on the green network.
192.168.21.11 is my web/mail server on the orange (DMZ) network.

It appears that the server is attempting an ssh communication of some sort 
to my workstation. My workstation does have open terminal windows (4) with 
active ssh sessions to the server. I haven't had any problem with ssh 
sessions staying alive.

Is this normal communication for ssh that I should have open in my 
workstation's firewall?
-- 
-Eric 'shubes'
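
An added example, not part of the original post: a small parser for netfilter LOG lines like the ones quoted above. It separates new connection attempts (SYN without ACK) from segments of an already open or previously tracked connection (ACK set, no SYN), which is what SPT=22 with ACK PSH indicates. The first two sample lines are the post's entries with the mail line wraps joined; the third is constructed for contrast, and all function names are this example's own.

```python
TCP_FLAGS = {"SYN", "ACK", "PSH", "RST", "FIN", "URG", "ECE", "CWR"}

HEAD = "helen kernel: IN=eth0 OUT= MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:00 "
SAMPLE = [
    # Entries 1 and 2: from the post, line wraps joined.
    "Sep 25 18:46:55 " + HEAD + "SRC=192.168.21.11 DST=192.168.20.31 LEN=308 "
    "TOS=0x10 PREC=0x00 TTL=63 ID=40237 DF PROTO=TCP SPT=22 DPT=57702 "
    "WINDOW=2160 RES=0x00 ACK PSH URGP=0",
    "Sep 25 18:47:55 " + HEAD + "SRC=192.168.21.11 DST=192.168.20.31 LEN=340 "
    "TOS=0x10 PREC=0x00 TTL=63 ID=47853 DF PROTO=TCP SPT=22 DPT=45764 "
    "WINDOW=2160 RES=0x00 ACK PSH URGP=0",
    # Entry 3: constructed, shows what an inbound connection attempt looks like.
    "Sep 25 18:50:00 " + HEAD + "SRC=192.168.21.11 DST=192.168.20.31 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=63 ID=1234 DF PROTO=TCP SPT=40000 DPT=22 "
    "WINDOW=5840 RES=0x00 SYN URGP=0",
]

def parse(line):
    """Split one LOG line into key=value fields and the set of TCP flags."""
    body = line[line.index("IN="):]          # skip the syslog prefix
    fields, flags = {}, set()
    for tok in body.split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            fields[key] = value
        elif tok in TCP_FLAGS:               # bare tokens such as DF are ignored
            flags.add(tok)
    return fields, flags

def classify(fields, flags):
    """Label a packet by its TCP flags."""
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    if "RST" in flags:
        return "reset"
    if "SYN" in flags:
        return "syn-ack" if "ACK" in flags else "new-connection"
    return "mid-stream" if "ACK" in flags else "other"

def summarize(lines):
    """Return (SRC, SPT, DST, DPT, label) for each log line."""
    rows = []
    for line in lines:
        f, flags = parse(line)
        rows.append((f["SRC"], int(f.get("SPT", 0)),
                     f["DST"], int(f.get("DPT", 0)), classify(f, flags)))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
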

