Hi!
I am running Gentoo linux. After installing and setting guarddog, I found the following "strange", at least for me, situations:
- There are lots of dropped packets like this one towards various sites
Ex.: DROPPED IN= OUT=wlan0 SRC=192.168.1.xx DST=209.85.229.149 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=16475 DF PROTO=TCP SPT=4504 DPT=80 SEQ=1247115119 ACK=2605117908 WINDOW=191 RES=0x00 ACK FIN URGP=0
What are these packets and why are they being rejected? I don't notice any problem in my accesses to my local net nor the "outside world".
- On every boot of my laptop, and only then, I got the following 4 packets (source port changes):
DROPPED IN= OUT=wlan0 SRC=192.168.1.xx DST=192.168.1.99 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19798 DF PROTO=TCP SPT=2334 DPT=80 SEQ=602150045 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40101040201030307)
DROPPED IN= OUT=wlan0 SRC=192.168.1.xx DST=192.168.1.99 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19799 DF PROTO=TCP SPT=2334 DPT=80 SEQ=602150045 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40101040201030307)
DROPPED IN= OUT=wlan0 SRC=192.168.1.xx DST=192.168.1.99 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19800 DF PROTO=TCP SPT=2334 DPT=80 SEQ=602150045 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40101040201030307)
DROPPED IN= OUT=wlan0 SRC=192.168.1.xx DST=192.168.1.99 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=3738 DF PROTO=TCP SPT=2342 DPT=80 SEQ=914204314 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40101040201030307)
This is even more strange because 192.168.1.99 is not an address that I use in my local network and this situation does not occur on, for example, another PC (desktop) I have and it has the same SW and very similar configuration!
192.168.1.xx is the IP address of the PC and xx is not 99.Thanks for any help/comments.