From: Tom L. <ne...@gm...> - 2005-08-04 17:11:03
|
Over the last few months, I've noticed log entries that appear to be part of established connections: Shorewall:fw2net:ACCEPT:IN=3D OUT=3Deth0 SRC=3D206.253.95.97 DST=3D131.15.4= 8.58 LEN=3D1400 TOS=3D0x00 PREC=3D0x00 TTL=3D64 ID=3D56805 DF PROTO=3DTCP SPT=3D= 80 DPT=3D19052 WINDOW=3D1768 RES=3D0x00 ACK PSH URGP=3D0 We seem to get these entries for our highest volume services like web and dns but I've occasionally seen them for others. The Shorewall logging documentation says that packets for established connections are accepted and cannot be logged... can someone explain what might be happening here? I'd like to understand why these are showing up in case I have something misconfigured. Thanks, -Tom |