[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
traffic leaking out on PPP connection
My firewall is pretty tight. I block all incoming by default and let out only certain
destination ports. I'm currently filtering on external interface only.
Now I decided to do a check on all outgoing traffic (filtering out of course the allowed ports)
and I made an interesting discovery.
I am on dial-up (PPP) with a Canadian ISP (Sympatico) and I am sending out regular replies to
port 135. I figured this is due to PPP tunneling. In 15 minutes I was replying to about a
dozen different IP addresses but they all resolve back to my ISPs servers (or clients?):
# host 18.104.22.168
22.214.171.124.in-addr.arpa domain name pointer SSMarie-ppp128981.sympatico.ca.
# host 126.96.36.199
188.8.131.52.in-addr.arpa domain name pointer Ottawa-ppp-198986.sympatico.ca.
# host 184.108.40.206
220.127.116.11.in-addr.arpa domain name pointer Lindsay-ppp-147952.sympatico.ca.
# host 18.104.22.168
22.214.171.124.in-addr.arpa domain name pointer London-ppp51940.sympatico.ca.
# host 126.96.36.199
188.8.131.52.in-addr.arpa domain name pointer HSE-Ottawa-ppp-33124.sympatico.ca.
Post your free ad now! http://personals.yahoo.ca