On Fri, 28 Jan 2005 20:16:46 +0100, "mika" <mikata at gmail dot com> said:
> > Definately looks like someone is using port 22 to leave that box and go to bluemidnight.
> Does it? The Question is, why is this traffic logged? Normally this
> traffic is not blocked, because of the standard rules LAN->WAN allow!
I don't use the standard rules. I block (and log) LAN->WAN except for a
few designated destinated ports (80, 443 etc).
> As i can see from here, this is a connection from machine .2.7 to the
> inet IP, that is sending some packets twice probably because of
> missing bandwidth. If it takes too long to get a ACK answer
> transmitted from the inet IP, your PC sends out the request another
> time. But m0n0wall sees the ID of the packet and drops it because it
> has seen it before and is no new packet of the connection.
I'll keep that idea in mind. Though, at the moment, it doesn't look
> The other question is why are you connecting to bluemidnight.com?
That is precisely what I would like to know.
> Maybe it is a packet with fake IPs?
Life is never simple.
Jeffrey Goldberg http://www.goldmark.org