from the info below something is happening at port 8888 and 4662 should I be worried?

piet

SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=62.178.214.8 DST=62.234.82.83 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=35798 DF PROTO=TCP SPT=1425 DPT=8888 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204058401010402)
May 23 11:55:31 photoserver kernel: SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=62.178.214.8 DST=62.234.82.83 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=35830 DF PROTO=TCP SPT=1425 DPT=8888 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204058401010402)
May 23 11:56:23 photoserver kernel: SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=68.97.2.18 DST=62.234.82.53 LEN=64 TOS=0x00 PREC=0x00 TTL=42 ID=44325 DF PROTO=TCP SPT=1857 DPT=4662 WINDOW=46080 RES=0x00 SYN URGP=0 OPT (02040584010303030101080A000000000000000001010402)
May 23 11:56:23 photoserver kernel: SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=68.97.2.18 DST=62.234.82.53 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=44332 DF PROTO=TCP SPT=1857 DPT=4662 WINDOW=46080 RES=0x00 SYN URGP=0 OPT (02040584010303030101080A000000000000000001010402)
May 23 11:56:24 photoserver kernel: SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=68.97.2.18 DST=62.234.82.53 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=44339 DF PROTO=TCP SPT=1857 DPT=4662 WINDOW=46080 RES=0x00 SYN URGP=0 OPT (02040584010303030101080A000000000000000001010402)
May 23 11:56:40
that might be the case but I don't like the accepting part so I blocked them now, do you know how to block specific ports or ip addresses? within iptables?

piet

Christopher Mahmood wrote:
* PR (prooroa@wanadoo.nl) [020523 02:01]:
> from the info below something is happening at port 8888 and 4662 should I be worried?
Probably just a port scan. Disable access to high tcp ports if it bothers you and you don't need it.
* PR (prooroa@wanadoo.nl) [020523 14:16]:
> that might be the case but I don't like the accepting part so I blocked them now, do you know how to block specific ports or ip addresses? within iptables?
There's no point in blocking access to those two ports, you might as well just close all high ports (it looks like you are using the SuSEfirewall, this is easy to do). To block everybody, including yourself, from accessing port 666:

iptables --insert INPUT --proto tcp -s 0/0 -d 0/0 --dport 666 -j REJECT

To block an IP or network,

iptables --insert INPUT --proto tcp -s 1.2.3.4 -d 0/0 -j REJECT

Likewise with a network, just replace the ip with a network.

--
-ckm
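One way to read firewall log lines like those quoted in this thread, as an added example that is not part of either poster's message: it groups logged SYNs by source address, source port and destination port, so that retries of one connection attempt are counted once, and decodes the bytes shown in OPT (...). The sample lines are constructed with documentation-range addresses, and `summarize` and `decode_tcp_options` are names chosen for this example.

```python
import re

# Constructed sample in the format quoted in the thread (documentation-range
# addresses); the third line has the log prefix fused to IN=, as quoted there.
SAMPLE = """\
May 23 11:55:28 host kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=198.51.100.8 DST=203.0.113.83 LEN=48 TTL=112 ID=35798 DF PROTO=TCP SPT=1425 DPT=8888 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204058401010402)
May 23 11:55:31 host kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=198.51.100.8 DST=203.0.113.83 LEN=48 TTL=112 ID=35830 DF PROTO=TCP SPT=1425 DPT=8888 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204058401010402)
May 23 11:56:23 host kernel: SuSE-FW-ACCEPTIN=ppp0 OUT= MAC= SRC=192.0.2.18 DST=203.0.113.83 LEN=64 TTL=42 ID=44325 DF PROTO=TCP SPT=1857 DPT=4662 WINDOW=46080 RES=0x00 SYN URGP=0 OPT (02040584010303030101080A000000000000000001010402)
"""

PREFIX = re.compile(r"kernel: (SuSE-FW-[A-Z-]+?)\s*IN=")   # firewall action tag
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")                    # KEY=value pairs
OPT = re.compile(r"OPT \(([0-9A-Fa-f]+)\)")                # raw TCP option bytes
NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK-permitted", 8: "TIMESTAMP"}

def decode_tcp_options(hex_opts):  # walk the kind/length/value option list
    data, out, i = bytes.fromhex(hex_opts), [], 0
    while i < len(data) and data[i] != 0:        # kind 0 ends the list
        kind = data[i]
        if kind == 1:                            # NOP: one padding byte, skipped
            i += 1
            continue
        length = data[i + 1] if i + 1 < len(data) else 0
        if length < 2 or i + length > len(data):
            out.append("malformed")              # length byte missing or out of range
            break
        value = int.from_bytes(data[i + 2:i + length], "big")
        name = NAMES.get(kind, f"kind{kind}")
        out.append(f"{name}={value}" if kind in (2, 3) else name)
        i += length
    return out

def summarize(log_text):  # one entry per (action, SRC, SPT, DPT) connection attempt
    attempts = {}
    for line in log_text.splitlines():
        prefix = PREFIX.search(line)
        if not prefix or " SYN " not in line or " ACK " in line:
            continue                             # keep only initial SYNs
        f = dict(FIELD.findall(line))
        key = (prefix.group(1), f["SRC"], int(f["SPT"]), int(f["DPT"]))
        entry = attempts.setdefault(key, {"syns": 0, "options": []})
        entry["syns"] += 1
        opt = OPT.search(line)
        entry["options"] = decode_tcp_options(opt.group(1)) if opt else []
    return attempts

if __name__ == "__main__":
    for (action, src, spt, dpt), info in summarize(SAMPLE).items():
        print(action, src, f"{spt}->{dpt}", f"SYNs={info['syns']}", info["options"])
```

A count above 1 for a single key means the same SYN was sent again from the same source port, rather than a new port being tried.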