Blocked port 25 activity -

Bob Goodwin bobgoodwin at wildblue.net
Thu Apr 30 12:47:25 UTC 2009


This is an updated F-10 desktop computer. My ISP is a satellite service, 
wildblue.net, which quit providing mail servers and switched to Gmail about 
a year ago.

Recently I have been observing a continuous stream of blocked port 25 
connections from this box 192.168.1.9 in the Firestarter log. The normal 
SMTP port is 465. They appear to be directed at a Google name server, 
although /etc/resolv.conf shows:

    [bobg at box9 ~]$ cat /etc/resolv.conf
    nameserver 208.67.220.220
    nameserver 208.67.222.222
    # nameserver 12/189.32.61

And I see the following logged:

/var/log/messages

Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0


Whois shows:

NetRange:   209.85.128.0 - 209.85.255.255
CIDR:       209.85.128.0/17
NetName:    GOOGLE
NetHandle:  NET-209-85-128-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM



Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0


NetRange:   66.249.64.0 - 66.249.95.255
CIDR:       66.249.64.0/19
NetName:    GOOGLE
NetHandle:  NET-66-249-64-0-1
Parent:     NET-66-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM

I guess it's not hurting anything, but I would feel better if I didn't 
see all this activity apparently going nowhere. I don't know how to find 
what's causing it; at least I haven't found it yet.

Any suggestions?

Bob
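
One way to condense the blocked port 25 entries shown in the post, as an added example that is not part of the original message: it parses the netfilter log lines, groups repeated SYNs that share a source port into single connection attempts, and lists when each attempt started. The sample input is the post's own log entries with the e-mail line wrapping removed; the function names are illustrative.

```python
import re
from collections import defaultdict

# Log entries from the post above, with the e-mail line wrapping removed.
SAMPLE_LOG = """\
Apr 30 07:14:09 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56553 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 07:14:12 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=56554 DF PROTO=TCP SPT=49080 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:10 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=63341 DF PROTO=TCP SPT=41549 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:11 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17222 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 30 08:14:14 localhost kernel: Outbound IN= OUT=eth0 SRC=192.168.1.9 DST=66.249.93.27 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=17223 DF PROTO=TCP SPT=41550 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+kernel:\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (IN=)

def parse_line(line):
    """Split one kernel firewall log line into timestamp, KEY=value fields and bare flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    return {"ts": m.group("ts"), "fields": dict(FIELD_RE.findall(rest)),
            "flags": {tok for tok in rest.split() if "=" not in tok}}

def smtp_attempts(log_text, port="25"):
    """Group logged TCP SYNs to `port` by (SRC, DST, SPT); one key is one connection attempt."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a firewall log line
        f = rec["fields"]
        if f.get("PROTO") == "TCP" and f.get("DPT") == port and "SYN" in rec["flags"]:
            attempts[(f["SRC"], f["DST"], f["SPT"])].append(rec["ts"])
    return dict(attempts)

def summarize(attempts, port="25"):
    """One line per attempt, oldest first: start time, endpoints, number of SYNs logged."""
    ordered = sorted(attempts.items(), key=lambda kv: kv[1][0])
    return [f"{ts[0]} {src}:{sport} -> {dst}:{port} SYNs={len(ts)}"
            for (src, dst, sport), ts in ordered]

if __name__ == "__main__":
    for row in summarize(smtp_attempts(SAMPLE_LOG)):
        print(row)
```
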



