[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

traffic leaking out on PPP connection



My firewall is pretty tight.  I block all incoming by default and let out only certain
destination ports.  I'm currently filtering on external interface only.
Now I decided to do a check on all outgoing traffic (filtering out of course the allowed ports)
and I made an interesting discovery.
I am on dial-up (PPP) with a Canadian ISP (Sympatico) and I am sending out regular replies to
port 135.  I figured this is due to PPP tunneling.  In 15 minutes I was replying to about a
dozen different IP addresses but they all resolve back to my ISPs servers (or clients?):
# host 209.226.190.100
100.190.226.209.in-addr.arpa domain name pointer SSMarie-ppp128981.sympatico.ca.
# host 209.226.119.1
1.119.226.209.in-addr.arpa domain name pointer Ottawa-ppp-198986.sympatico.ca.
# host 209.226.132.21
21.132.226.209.in-addr.arpa domain name pointer Lindsay-ppp-147952.sympatico.ca.
# host 209.226.247.21
21.247.226.209.in-addr.arpa domain name pointer London-ppp51940.sympatico.ca.
# host 209.226.124.1
1.124.226.209.in-addr.arpa domain name pointer HSE-Ottawa-ppp-33124.sympatico.ca.
Any comments?
Peter
______________________________________________________________________ 
Post your free ad now! http://personals.yahoo.ca