Wierd combination of TCP flags in Fedora 9, iptables rule to fix

Bruno Wolff III bruno at wolff.to
Thu Jul 10 12:35:31 UTC 2008


On Wed, Jul 09, 2008 at 18:46:03 -0700,
  stan <goedigi89__e at cox.net> wrote:
>
> One was SYN packets with random destination ports at the high end of the  
> range.  I'm assuming this was something to do with passive FTP.  Why  
> they should show up I'm not sure since I have FTP enabled and RELATED,  
> ESTABLISHED status ACCEPTed.

I don't think that RELATED covers things like FTP. It is meant to cover IMCP
packets related to a connection.
I think there is a module for recognizing related FTP traffic, but I suspect
you need to manually use it.




More information about the fedora-list mailing list