Hello all,
I manage a Debian etch machine, with only official packages. Externally accessible services are:
- an Apache web server, on port 80.
- a mailbox on the smtp port (exim).
- an ssh server, but accessible only from one fixed IP address.
My firewall log seems to drop output packets on port 113:

Jul 6 01:04:35 sinfo kernel: Firewall:Drop output:IN= OUT=eth0 SRC=XX.XXX.XX.XXX DST=122.116.17.133 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59847 DF PROTO=TCP SPT=35914 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0

The beginning of a whois result is:

inetnum: 122.116.0.0 - 122.117.255.255
netname: HINET-NET
country: TW
descr: CHTD, Chunghwa Telecom Co.,Ltd.
descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr: Taipei Taiwan 100
...

And I'm sure to have no relation with Taiwan...
Does somebody here know which service sends those packets, and why?
Thanks. Andre.