Hello people,

I have recently begun using kernel 2.4.x for a dialout server in combination with netfilter / IPtables and Marc Heuse's firewall2 script. I guess thanks to the stateful filter, the following was denied and logged:

Aug 5 20:53:16 bwian kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= SRC=ipofbsmtpserver DST=ipofmydialoutserver LEN=130 TOS=0x00 PREC=0x00 TTL=253 ID=49147 PROTO=TCP SPT=25 DPT=2707 WINDOW=65472 RES=0x00 ACK PSH FIN URGP=0

I have received a few more of these, with destination ports of 1062, 1046, 1066 and 1342.

The odd things are: I do not relay my mail through this server, so I do not set up a connection to it on port 25. If I do set up an smtp connection it is from an unprivileged port, so replies should have a much higher destination port. Since the FIN bit is high this sounds like a FIN stealth scan.

Questions:

1. What more can be learned from this log entry?
2. If any, what programs/trojans use those ports? Only 2707 is in my /etc/services
3. Is a server from this provider running a portscan on me?

Some pointers to reference info would be helpful too.

BB,
Arjen

--
ftp://ftp.microsoft.com/developr/interix/gpl.txt
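
An added example, not part of the original post: a Python sketch that splits the log entry above into its netfilter LOG fields and TCP flags, and reports whether a segment is a bare FIN (the flag pattern of a FIN scan probe) or also carries ACK. The function names, the second log line (constructed for contrast) and the payload estimate (20-byte IP and TCP headers, no options) are assumptions.

```python
import re

# Log entry copied from the post (addresses are the poster's own placeholders).
POSTED = ("Aug 5 20:53:16 bwian kernel: SuSE-FW-DROP-DEFAULTIN=ppp0 OUT= MAC= "
          "SRC=ipofbsmtpserver DST=ipofmydialoutserver LEN=130 TOS=0x00 "
          "PREC=0x00 TTL=253 ID=49147 PROTO=TCP SPT=25 DPT=2707 WINDOW=65472 "
          "RES=0x00 ACK PSH FIN URGP=0")
# Constructed for contrast: similar fields, but FIN is the only flag set.
CONSTRUCTED_BARE_FIN = ("Aug 5 20:53:17 bwian kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 "
                        "OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 "
                        "PREC=0x00 TTL=253 ID=1 PROTO=TCP SPT=25 DPT=1062 "
                        "WINDOW=1024 RES=0x00 FIN URGP=0")

# Field names printed by the netfilter LOG target for an IPv4/TCP packet.
FIELD_RE = re.compile(r"(IN|OUT|MAC|SRC|DST|LEN|TOS|PREC|TTL|ID|PROTO|SPT|DPT|"
                      r"WINDOW|RES|URGP)=(\S*)")
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_entry(line):
    """Return (fields, flags) for one LOG line; tolerates a prefix fused to IN=."""
    payload = line.split("kernel:", 1)[-1]
    fields = dict(FIELD_RE.findall(payload))
    flags = {tok for tok in payload.split() if tok in TCP_FLAGS}
    return fields, flags

def classify(line):
    """Summarise the ports, flags and size of one logged TCP segment."""
    fields, flags = parse_entry(line)
    return {
        "iface": fields["IN"],
        "src_port": int(fields["SPT"]),
        "dst_port": int(fields["DPT"]),
        "flags": flags,
        # A FIN scan probe sets FIN and nothing else.
        "bare_fin": flags == {"FIN"},
        # ACK without SYN: the segment presents itself as part of an existing flow.
        "mid_stream": "ACK" in flags and "SYN" not in flags,
        # LEN is the IP total length; assumes 20-byte IP and TCP headers, no options.
        "max_payload": max(int(fields["LEN"]) - 40, 0),
    }

if __name__ == "__main__":
    for entry in (POSTED, CONSTRUCTED_BARE_FIN):
        print(classify(entry))
```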