[CentOS] Can't get rid of SYN_RECV

Fri Aug 4 02:27:48 UTC 2006
Paul <unix at bikesn4x4s.com>

OK, something wacky.  I'm getting many, many of these; it just keeps
building:

--snip--
netstat -vat:
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:57015 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:26377 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:64279 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:27807 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:29095 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:47009 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:41369 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:45120 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:63145 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:4027 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:11361 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:53867 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:64779 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:20063 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:43209 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:44629 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:49010 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:3974 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:6822 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:54650 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:43689 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:35714 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:3381 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:48516 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:52141 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:11431 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:50562 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:17152 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:10535 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:18219 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:7582 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:60773 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:46995 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:60185 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:34357 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:41346 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:1135 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:64816 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:16062 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:7499 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:60087 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:33579 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:6757 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:8912 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:50510 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:44317 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:2149 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:294 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:60112 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:52569 SYN_RECV
tcp        0      0 192.168.103.99:http         statusurl.e-gold.com:26452 SYN_RECV
--snip--

So, seeing this is weird activity, I wanna see if I can put a stop to it.
So I added to iptables:
-A INPUT -s 209.200.128.0/255.255.192.0 -j DROP
-A OUTPUT -o eth0 -p tcp -m tcp -d 209.200.128.0/255.255.192.0 -j DROP

I restarted httpd and still get the same thing.  WTF???


-- 

^^^^^^^^^^^^| || \
| Budvar    ######|| ||'|"\,__.
| _..._...______ ===|=||_|__|...]
"(@)'(@)""""**|(@)(@)*****(@)I




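
Added example, not part of the original post: a small shell helper that tallies half-open (SYN_RECV) connections per local endpoint and remote host from netstat output like the listing above, including entries where the state has wrapped onto the next line. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Tally SYN_RECV entries per "local endpoint, remote host" from `netstat -at`
# (or `netstat -ant`) output on stdin. Prints "COUNT LOCAL REMOTE", largest first.
count_syn_recv() {
    awk '
        $1 ~ /^tcp/ {
            local_ep = $4; remote = $5
            sub(/:[^:]*$/, "", remote)      # drop the remote source port
            state = $6
            pending = (state == "")         # state wrapped onto the next line
            if (pending) next
        }
        pending && NF == 1 { state = $1; pending = 0 }
        state == "SYN_RECV" { n[local_ep " " remote]++ }
        { state = ""; pending = 0 }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Print only the pairs with at least MIN half-open connections.
flag_syn_recv() {
    count_syn_recv | awk -v min="$1" '$1 >= min'
}

# Constructed sample input (not taken from the post), mixing wrapped and
# unwrapped entries and non-SYN_RECV states.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 192.0.2.10:http             198.51.100.7:57015
 SYN_RECV
tcp        0      0 192.0.2.10:http             198.51.100.7:26377
 SYN_RECV
tcp        0      0 192.0.2.10:http             198.51.100.7:64279          SYN_RECV
tcp        0      0 192.0.2.10:http             203.0.113.5:40100           SYN_RECV
tcp        0      0 192.0.2.10:ssh              203.0.113.5:40222           ESTABLISHED
EOF
}

# On a live host: netstat -ant | flag_syn_recv 20
sample_netstat | flag_syn_recv 2
```

Run periodically, a count that keeps growing for one remote host after a filter rule was added indicates the half-open entries are still being created, which is the symptom reported above.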