Kinkie wrote:
>> That supposes that the connection are with legitimate clients, but since
>> the OP referred to "SOME.RANDOM.IP.ADDR", and "connections ... to the
>> outside world", I suspect it was an open proxy.
>
> Maybe.. It depends on how random they are...
> Still the "destination port is random, source port is my service port"
> pattern is typical in the scenario I described.
>
I'm not disputing that. When you start or restart a firewall it's common for
established TCP connections to be disrupted. That's perfectly normal and
doesn't require any changes to keep-alives etc.
What's more important is the question of whether the proxy was open, or
whether he simply failed to recognize his own IP addresses. People who
abuse open proxies aren't normally downloading bible-study material.
I was disputing "nothing to worry about".
Received on Fri May 04 2007 - 17:20:58 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT