I AM using SuSEFirewal 4.2 on SuSE 6.4
I ran the install... and configured it using YaST. Is there a better way?
While we're on the subject, YaST appears to have some problems displaying
text and descriptions.
I even ran ipchains with these arguments:
/sbin/ipchains -A input -p TCP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
/sbin/ipchains -A input -p UDP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
/sbin/ipchains -A input -p ICMP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
but apparently these scans are accepted before the new lines. I figured that
those lines would break something for sure.
What is the syntax to redirect a port-- like 80 to squid's incoming port?
----- Original Message -----
From: "Boris Lorenz"
On 11-Feb-01 Kevin Creason wrote:
I ran 'lsof -i TCP:1243' and on port 2516, but nothing is currently
using or
listening on those ports.
Feb 10 18:45:08 dmc12 kernel: Packet log: input ACCEPT ppp0 PROTO=6 64.230.156.35:2516 <ISP-given IP>:1243 L=44 S=0x00 I=48222 F=0x0000 T=44 SYN (#51) Feb 10 18:45:09 dmc12 kernel: Packet log: input ACCEPT ppp0 PROTO=6 64.230.156.35:2516 <ISP-given IP>:1243 L=44 S=0x00 I=48254 F=0x0000 T=44 SYN (#51) Feb 10 18:45:10 dmc12 kernel: Packet log: input ACCEPT ppp0 PROTO=6 64.230.156.35:2516 <ISP-given IP>:1243 L=44 S=0x00 I=48288 F=0x0000 T=44 SYN (#51)
What does it mean that the firewall accepted a syn packet HSE-Kitchener-ppp233156.sympatico.ca? And is the L or the T signify the protocol line? Anyway-- does this correspond to this: (/etc/protocols) ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
And since I'm not running IPv6, what is the scanner attempting to do me? I've seen this network on my box before. Are they a known bunch of id10t's?
Port 1243 is known to be used by trojan horses like BackDoor-G, SubSeven Apocalypse and Tiles. Refer to www.simovits.com for a list of well known trojans and their preferred ports.
As these are windows trojans your nodes may not be affected if they all run Linux/Unix, but you would be better off closing these and other ports by implementing decent firewalling, say via the SuSE firewall or some other useable scripts.
--- Boris Lorenz
System Security Admin *nix - *nux ---