[BlueOnyx:13702] Re: Message Log

Richard Sidlin richard at sidlin.co.uk
Wed Sep 18 12:11:02 -05 2013


Thanks Chuck. I certainly don't want access to port 80 blocked and we
received complaints today that it was unavailable. I have Dfix2 installed
but I don't want it blocking access! 

 

From: blueonyx-bounces at mail.blueonyx.it
[mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Chuck Tetlow
Sent: 18 September 2013 17:55
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:13700] Re: Message Log

 

Those log entries show that someone at 195.195.131.183 was trying to connect
to 192.168.250.240 on TCP port 80.  So they're trying to hit the webpage at
the address 192.168.250.240, but were being blocked by the IPTables firewall
software on your BX server. 

Does that source address mean anything to you?  What is on that destination
IP address, and does that site have a webpage?  And probably the most
important question - why would the IPTables software be configured to block
someone hitting a webpage??  

I can't imagine DFix or one of the other automated security tools blocking
webpage requests to TCP Port 80, but I don't know all those packages well -
so it could be something automatic.  But on first guess - I'd suggest
someone would have had to manually configure that block.  That then goes
back to the last question - why would someone want to block access to a
webpage/website?? 



Chuck 



---------- Original Message ----------- 
From: "Richard Sidlin" <richard at sidlin.co.uk> 
To: <blueonyx at mail.blueonyx.it> 
Sent: Wed, 18 Sep 2013 17:38:09 +0100 
Subject: [BlueOnyx:13699]  Message Log 

> Hi 
>   
> I have loads of these in my message log. Anything to be concerned about? 
>   
> Sep 18 12:30:44 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32494 DF PROTO=TCP SPT=42963 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:30:56 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.182 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=43175 DF PROTO=TCP SPT=53690 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:30:56 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32495 DF PROTO=TCP SPT=42963 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:31:05 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64909 DF PROTO=TCP SPT=48409 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:31:07 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=48816 DF PROTO=TCP SPT=42656 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:31:08 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=64910 DF PROTO=TCP SPT=48409 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:31:12 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.182 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8668 DF PROTO=TCP SPT=55189 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:31:14 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.183 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=64911 DF PROTO=TCP SPT=48409 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> Sep 18 12:31:15 ns5 kernel: IN=eth0 OUT= MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC=195.195.131.182 DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8669 DF PROTO=TCP SPT=55189 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
>   
> Thanks 
>   
> Richard 
>   
>   
------- End of Original Message ------- 
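
An added example, not part of the original thread: a Python parser for netfilter LOG lines in the format quoted above, grouping SYN-only packets by connection attempt (source address and port). Several SYNs from the same source port with growing gaps are retransmissions of one attempt that received no reply. The sample input is constructed from the quoted entries, and the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the entries quoted in the thread
# (timestamps, sources, ports and IP IDs as quoted; TTL fixed at 49).
TEMPLATE = ("Sep 18 {t} ns5 kernel: IN=eth0 OUT= "
            "MAC=00:0a:e4:82:4e:e6:00:90:fb:33:79:96:08:00 SRC={src} "
            "DST=192.168.250.240 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID={ipid} DF "
            "PROTO=TCP SPT={spt} DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0")
ROWS = [("12:31:05", "195.195.131.183", 48409, 64909),
        ("12:31:07", "195.195.131.183", 42656, 48816),
        ("12:31:08", "195.195.131.183", 48409, 64910),
        ("12:31:12", "195.195.131.182", 55189, 8668),
        ("12:31:14", "195.195.131.183", 48409, 64911),
        ("12:31:15", "195.195.131.182", 55189, 8669)]
SAMPLE = "\n".join(TEMPLATE.format(t=t, src=s, spt=p, ipid=i) for t, s, p, i in ROWS)

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs; value may be empty (OUT=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return a dict for one netfilter LOG line, or None if it is not one."""
    head, sep, body = line.partition(" kernel: ")
    if not sep or "SRC=" not in body:
        return None
    rec = dict(FIELD.findall(body))
    rec["flags"] = TCP_FLAGS.intersection(body.split())   # bare tokens such as SYN
    # syslog timestamps carry no year; a placeholder year is used because
    # only the differences between timestamps matter here
    stamp = "2000 " + " ".join(head.split()[:3])
    rec["time"] = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
    return rec

def summarize(text):
    """Group SYN-only packets per connection attempt and list the gaps between them."""
    attempts = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("PROTO") == "TCP" and rec["flags"] == {"SYN"}:
            key = (rec["SRC"], int(rec["SPT"]), rec["DST"], int(rec["DPT"]))
            attempts[key].append(rec["time"])
    return {k: {"syns": len(ts),
                "gaps_s": [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]}
            for k, ts in attempts.items()}

if __name__ == "__main__":
    for (src, spt, dst, dpt), info in summarize(SAMPLE).items():
        print(f"{src}:{spt} -> {dst}:{dpt}  SYNs={info['syns']} gaps={info['gaps_s']}")
```

On the sample, source port 48409 shows three SYNs spaced 3 and 6 seconds apart, the backoff pattern of a client retrying a connection that is being silently dropped.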
