Wierd combination of TCP flags in Fedora 9, iptables rule to fix
Bruno Wolff III
bruno at wolff.to
Thu Jul 10 12:35:31 UTC 2008
On Wed, Jul 09, 2008 at 18:46:03 -0700,
stan <goedigi89__e at cox.net> wrote:
> One was SYN packets with random destination ports at the high end of the
> range. I'm assuming this was something to do with passive FTP. Why
> they should show up I'm not sure since I have FTP enabled and RELATED,
> ESTABLISHED status ACCEPTed.
I don't think that RELATED covers things like FTP. It is meant to cover IMCP
packets related to a connection.
I think there is a module for recognizing related FTP traffic, but I suspect
you need to manually use it.
More information about the fedora-list