iptables questions

JD jd1008 at gmail.com
Sun Apr 17 20:15:48 UTC 2011

On 04/17/2011 12:56 PM, Sam Sharpe wrote:
> On 17 April 2011 20:33, Joe Zeff <joe at zeff.us> wrote:
>> On 04/17/2011 12:02 PM, JD wrote:
>>> All 3 addresses belong to google.
>>> Just do  whois 1e100.net
>>   Domain Name: 1e100.net
>>          Registrar Name: Markmonitor.com
>>          Registrar Whois: whois.markmonitor.com
>>          Registrar Homepage: http://www.markmonitor.com
>> Yes, Google is the administrative and technical contact, but it looks
>> like markmonitor.com is trying to hack your machine, not Google.
> No, it's Google: http://www.webmasterworld.com/google/4050443.htm
> 1e100 is the scientific notation of 10^100 aka one Googol
> (http://en.wikipedia.org/wiki/Googol)
> MarkMonitor is just the brand agency they are using to register the
> name and "protect their global brand".
> As to what it's doing, I don't know - it sounds like it's sending
> traffic from port 995 to your machine because you are connecting to
> GMail. It's entirely possible that because gmail is composed of
> millions of different machines, those packets are coming back not from
> the machine you are directly connected to and hence aren't hitting
> your ESTABLISHED,RELATED rules. You'd need to plug a packet capture into
> something like Wireshark and look at the conversation to know what
> those packets are supposed to be.
Not savvy about Wireshark. Do you have some link
or info as to how to trap packets from these IP addresses?
Also, would I have to change my firewall in order for wireshark
to trap these packets?
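
Added example, not part of the original thread: a simplified Python model of the connection lookup behind an ESTABLISHED rule, showing why a packet from source port 995 is dropped when it arrives from a different server than the one the client connected to. It goes one step beyond the hypothesis quoted above by also showing a late packet arriving after the tracked entry is gone. The class and function names and all addresses are constructed for illustration; this is not netfilter's code.

```python
# Simplified model of the lookup behind an iptables ESTABLISHED rule.
# Not netfilter code; RELATED is not modelled. All addresses are constructed
# documentation-range values, not the ones from the thread.
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class ConnTable:
    def __init__(self) -> None:
        self._flows = set()  # 4-tuples in the outbound (original) direction

    def outbound(self, pkt: Packet) -> None:
        """Track a connection opened by the local host."""
        self._flows.add(tuple(pkt))

    def expire(self, pkt: Packet) -> None:
        """Forget a connection (closed or timed out)."""
        self._flows.discard(tuple(pkt))

    def is_established(self, pkt: Packet) -> bool:
        """An inbound packet matches only as the exact mirror of a tracked flow."""
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._flows


def input_verdict(table: ConnTable, pkt: Packet) -> str:
    """INPUT chain that accepts ESTABLISHED traffic and drops the rest."""
    return "ACCEPT" if table.is_established(pkt) else "DROP"


def demo() -> dict:
    me, server_a, server_b = "192.0.2.10", "198.51.100.7", "198.51.100.8"
    syn = Packet(me, 51234, server_a, 995)  # local client connects to POP3S
    table = ConnTable()
    table.outbound(syn)
    results = {
        "reply from connected server": input_verdict(table, Packet(server_a, 995, me, 51234)),
        "port 995 from another server": input_verdict(table, Packet(server_b, 995, me, 51234)),
    }
    table.expire(syn)
    results["late packet after expiry"] = input_verdict(table, Packet(server_a, 995, me, 51234))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```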

