RE: [suse-security] Odd FW Log

From: Tom Knight (thomas.knightahds.ac.uk)
Date: Wed Mar 31 2004 - 07:52:57 CST


> > Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx
> > SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF
> > PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> > (0204056401010402)
> >
> This is very normal scanning that is going on all the time as soon as
> you connect a machine to the internet. A quick search with Yahoo
> gave the link:
> http://www.seifried.org/security/ports/1000/1433.html
>
> Port 1433 is MS SQL. Someone is trying whether you are running a MS
> SQL-server. If one is found, an attack will be launched to find
> whether it is vulnerable.

I have no problem with people scanning me, it's the "SuSE-FW-ACCEPT"
bit that makes me concerned... I thought that that meant the packet
had been accepted (and passed through) the firewall, or am I
misinterpreting this?

Tom.

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
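For triaging entries like the one quoted in this thread, the following added example (not part of the original message or of SuSEfirewall) parses a netfilter LOG line, decodes the TCP options hex, and picks out inbound SYNs that were logged by a rule whose prefix ends in ACCEPT. It assumes the prefix names the verdict of the rule that logged the packet; the function names are hypothetical, and the MAC and DST values in the sample are constructed placeholders for the fields masked in the post.

```python
import re

# Constructed sample modelled on the quoted log line; MAC and DST are placeholders.
SAMPLE = ("Mar 31 05:37:02 host kernel: SuSE-FW-ACCEPT IN=eth1 OUT= "
          "MAC=00:00:00:00:00:00 SRC=66.7.157.125 DST=192.0.2.10 LEN=48 TOS=0x00 "
          "PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 "
          "WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)")
FLAGS = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG"}
OPTION_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 8: "TIMESTAMP"}

def decode_tcp_options(raw):
    """Walk the kind/length/value list that the LOG target prints after OPT."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # single-byte NOP padding
            out.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            out.append(("MALFORMED", raw[i:].hex()))
            break
        data = raw[i + 2:i + raw[i + 1]]
        out.append((OPTION_NAMES.get(kind, f"KIND_{kind}"),
                    int.from_bytes(data, "big") if data else None))
        i += raw[i + 1]
    return out

def parse_line(line):
    """Split one kernel log line into prefix, KEY=VALUE fields, flags and options."""
    m = re.search(r"kernel: (\S+) (IN=.*)$", line)
    if not m:
        return None
    rec, body = {"prefix": m.group(1), "flags": set(), "opts": []}, m.group(2)
    om = re.search(r"OPT \(([0-9A-Fa-f]+)\)", body)
    if om:
        rec["opts"] = decode_tcp_options(bytes.fromhex(om.group(1)))
        body = body[:om.start()]
    for tok in body.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in FLAGS:
            rec["flags"].add(tok)
    return rec

def accepted_new_connections(lines, ports):
    """Inbound SYN-only packets for the local host, logged under an ACCEPT prefix."""
    recs = [r for r in map(parse_line, lines) if r]
    return [r for r in recs if r["prefix"].endswith("ACCEPT")
            and "SYN" in r["flags"] and "ACK" not in r["flags"]
            and r.get("OUT") == "" and int(r.get("DPT", 0)) in ports]
```

An empty `OUT=` field means the packet was addressed to the firewall host itself rather than forwarded, so any hit from `accepted_new_connections` is worth checking against what is actually listening on that port.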