[PLUG] What does this log message mean?
Larry Brigman
larry.brigman at gmail.com
Thu Jun 1 18:44:11 UTC 2006
On 6/1/06, J B <plug201 at jblack.org> wrote:
> Can someone tell me what this message means?
> I got it out of the dmesg command.
>
> ABORTED IN=eth0 OUT= MAC=00:0c:6e:a7:e5:66:00:0f:3d:4a:e2:d2:08:00
> SRC=64.5.35.225 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x20 TTL=113
> ID=49779 DF PROTO=TCP SPT=80 DPT=4766 SEQ=3349389583 ACK=90362985
> WINDOW=0 RES=0x00 ACK RST URGP=0
>
> I recognize :
> eth0 (my ethernet interface)
> 192.168.0.100 (my LAN address)
>
> $ whois 64.5.35.225
>
> OrgName: ThePlanet.com Internet Services, Inc.
> OrgID: TPCM
> Address: 1333 North Stemmons Freeway
> Address: Suite 110
> City: Dallas
> StateProv: TX
> PostalCode: 75207
> Country: US
>
> If this is from outside my LAN, why isn't my D-Link router blocking it?
>
It looks like this is an aborted connection to a web site you were accessing.
spt=80 ==> web dst=4766==> Random port about 1024 used to start a connection.
When I went to that address with my browser it showed that the site was a
secure site of Office Depot, but the security cert. was not quite right.
More information about the PLUG
mailing list