Security issue with Napster?
A computer on my internal network initiated a connection to a napster
server, through my IP Masq'd Linux box. Immediately, thereafter, I get this
in my logs.
Feb 13 09:19:30 hal kernel: Packet log: input REJECT eth0 PROTO=6
208.178.163.61:3227 24.94.9.216:6699 L=60 S=0x00 I=31361 F=0x4000 T=48 SYN
(#7)
Feb 13 09:19:30 hal kernel: Packet log: input REJECT eth0 PROTO=6
208.178.163.61:3228 24.94.9.216:6700 L=60 S=0x00 I=31397 F=0x4000 T=48 SYN
(#7)
I can understand the connections on ports 6699 and 6700, but what about
below?
Feb 13 09:19:30 hal kernel: Packet log: input REJECT eth0 PROTO=6
208.178.163.61:3229 24.94.9.216:80 L=60 S=0x00 I=31403 F=0x4000 T=48 SYN
(#7)
Feb 13 09:19:30 hal kernel: Packet log: input REJECT eth0 PROTO=6
208.178.163.61:3230 24.94.9.216:21 L=60 S=0x00 I=31501 F=0x4000 T=48 SYN
(#7)
Feb 13 09:19:30 hal kernel: Packet log: input REJECT eth0 PROTO=6
208.178.163.61:3231 24.94.9.216:23 L=60 S=0x00 I=31503 F=0x4000 T=48 SYN
(#7)
Why in the world would they attempt connection on 80, 21, and 23? I also
emailed i...@napster.com . Hopefully I can get to the bottom of this.
Nslookup on the source IP shows non-existent host/domain, but ARIN shows the
IP is owned by Napster Inc.
-Tad