[CentOS] repeated local ephemeral to 80

Fri Apr 1 15:32:16 UTC 2011
m.roth at 5-cent.us <m.roth at 5-cent.us>

Michael D. Berger wrote:
> On my CentOS box that I use mainly as a web server, I have iptables
> set to log and reject anything that I don't expect.  So lately,
> I have getting things like this:
>
>
> Mar 29 17:27:20 mbrc20 kernel: IPT-DROP IN= OUT=lo SRC=192.168.9.20
> DST=192.168.9.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46910 DF PROTO=TCP
> SPT=56624 DPT=80 WINDOW=32792 RES=0x00 SYN URGP=0 OPT
> (0204400C0402080A4A26F7A50000000001030307) UID=0
>
> that on at least one occasion repeated for every few seconds for
> more than three hours.  The ephemeral source port keeps changing in an
> irregular manner.
<snip>
Not great on this, but *if* I understand it, it's saying that the IP
address of your server is 192.168.9.20, and it's talking to itself, at
destination port 80 - apache, that would be.

        mark