Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
RE: [suse-security] Odd FW Log
  • From: "Tom Knight" <thomas.knight@xxxxxxxxxx>
  • Date: Wed, 31 Mar 2004 15:23:17 +0100
  • Message-id: <ICELJOHAGNAFJPFMMBKOAENFCFAA.thomas.knight@xxxxxxxxxx>


> -----Original Message-----
> From: Joe Morris (NTM) [mailto:Joe_Morris@xxxxxxx]
> Sent: 31 March 2004 15:20
> To: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Odd FW Log
>
>
> On 03/31/2004 09:12 PM, Tom Knight wrote:
>
> >Question:
> >Why am I seeing these connections being accepted and dropped on
> port 1433??
> >
> >Log (grepped):
> >Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx
> >SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF
> >PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> >(0204056401010402)
> >Mar 31 05:37:02 xxx kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=xxx
> >SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF
> >PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> >(0204056401010402)
> >
> >
> I remember seeing that before when I ran 8.0. I believe you should
> check for a SuSEfirewall2 update. I am pretty sure it is a buglet in
> the script related to logging, i.e. the packets are being dropped, but I
> know updating it fixed that problem for me. It is a noarch rpm, you
> could check if a newer version's rpm would work, or rebuild the package
> for your box.

Hmm, interesting. I have all the SLES 8 updates applied, but I'll grab
the SUSE support people and see if they have any news on this.

Ta,

Tom.


< Previous Next >
References