Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)
This is very normal scanning that is going on all the time as soon as you connect a machine to the internet. A quick search with Yahoo gave the link: http://www.seifried.org/security/ports/1000/1433.html
Port 1433 is MS SQL. Someone is trying whether you are running a MS SQL-server. If one is found, an attack will be launched to find whether it is vulnerable.
I have no problem with people scanning me, it's the "SuSE-FW-ACCEPT" bit that makes me concerned... I though that that meant the packet had been accepted (and passed through) the firewall, or am I misinter- preting this? Tom.