iptables questions
James McKenzie
jjmckenzie51 at gmail.com
Sun Apr 17 20:25:47 UTC 2011
On 4/17/11 1:10 PM, JD wrote:
> On 04/17/2011 12:34 PM, James McKenzie wrote:
>> On 4/17/11 12:02 PM, JD wrote:
>>> I have instrumented my iptables to log all DROP'ed packets.
>>> I have a huge plethora of packets dropped from these
>>> 3 IP addresses:
>>> 74.125.127.109
>>> 72.14.213.109
>>> 74.125.53.109
>> Google Mail on the Secure IMAP port? Interesting. Maybe they are
>> misrouted packets or do you use Google Mail (gmail)?
>>
>> James McKenzie
>>
> My Thunderbird is configured to connect with pop.gmail.com
> to retrieve my email.
>
> The Registrant of the primary domain is google,
> and the Registrar is MarkMonitor.Com.
[Whois and marketing stuff removed]
Thus your system is NOT being hacked as stated by others. If you are
using Thunderbird, you had to configure it to connect on port 995, which
I will correct, is the secure POP port. Nothing is amiss here; it is just
that you sent your request to server 'A' in the farm and got a reply
from server 'B' or server 'C' or server 'D'.... The first available
will be replying. You could 'sniff' the traffic, but since it is
SSL/TLS encrypted, you would not be able to read anything (or let me
restate this, should not be able to).
At this point, given all that has been given, you are at a ZERO percent
hazard. If you were receiving replies from a different set of addresses
and these were not gmail's then I would have raised an eyebrow because
that is an attack signature.
James McKenzie
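
One way to triage logged drops like the ones discussed in this thread, as an added example that is not part of the original messages: it groups dropped packets by source and separates reply-side traffic from a service the host uses (source port 995, as in the thread) from inbound connection attempts. The log prefix, interface, local address and the 203.0.113.7 source are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the kernel LOG-target layout. The "DROP: " prefix, eth0,
# the local address 192.0.2.10 and the source 203.0.113.7 are assumptions.
SAMPLE_LOG = """\
Apr 17 12:01:02 host kernel: DROP: IN=eth0 OUT= SRC=74.125.127.109 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=995 DPT=51514 WINDOW=0 RES=0x00 ACK FIN URGP=0
Apr 17 12:01:03 host kernel: DROP: IN=eth0 OUT= SRC=72.14.213.109 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=995 DPT=51520 WINDOW=0 RES=0x00 RST URGP=0
Apr 17 12:01:05 host kernel: DROP: IN=eth0 OUT= SRC=74.125.127.109 DST=192.0.2.10 LEN=52 TTL=52 PROTO=TCP SPT=995 DPT=51514 WINDOW=271 RES=0x00 ACK URGP=0
Apr 17 12:01:07 host kernel: DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 17 12:01:09 host sshd[123]: unrelated line without packet fields
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value pairs; value may be empty (OUT=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # logged as bare words

def parse_drop(line):
    """Return the packet fields plus a FLAGS set, or None for non-packet lines."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    fields["FLAGS"] = TCP_FLAGS & set(line.split())
    return fields

def classify(pkt, client_ports=frozenset({995})):
    """Label a dropped packet; client_ports are services this host connects out to."""
    if pkt["PROTO"] != "TCP":
        return "other"
    flags, spt = pkt["FLAGS"], pkt.get("SPT", "")
    if spt.isdigit() and int(spt) in client_ports and "SYN" not in flags:
        return "service-reply"      # server side of a session type the host uses
    if "SYN" in flags and "ACK" not in flags:
        return "inbound-connect"    # someone trying to open a connection to us
    return "other"

def summarize(log_text):
    """Count dropped packets per (source address, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_drop(line)
        if pkt:
            counts[(pkt["SRC"], classify(pkt))] += 1
    return counts

if __name__ == "__main__":
    for (src, label), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:16} {label:16} {n}")
```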