Mailinglist Archive: opensuse-security (485 mails)

RE: [suse-security] Odd FW Log
  • From: "Tom Knight" <thomas.knight@xxxxxxxxxx>
  • Date: Wed, 31 Mar 2004 14:52:57 +0100
  • Message-id: <ICELJOHAGNAFJPFMMBKOAENECFAA.thomas.knight@xxxxxxxxxx>

> > Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx
> > SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF
> > PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> > (0204056401010402)
> >
> This is very normal scanning that is going on all the time as soon as
> you connect a machine to the internet. A quick search with Yahoo
> gave the link:
> http://www.seifried.org/security/ports/1000/1433.html
>
> Port 1433 is MS SQL. Someone is trying whether you are running a MS
> SQL-server. If one is found, an attack will be launched to find
> whether it is vulnerable.

I have no problem with people scanning me, it's the "SuSE-FW-ACCEPT"
bit that makes me concerned... I thought that that meant the packet
had been accepted (and passed through) the firewall, or am I
misinterpreting this?

Tom.
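
An added example, not part of the original message or of SuSEfirewall2: a small parser for kernel log lines in the format quoted above that lists new inbound TCP connections logged with an ACCEPT prefix on ports the administrator did not intend to expose. The sample lines (apart from the first, which follows the quoted entry), the `expected_ports` set, the function names and the rule "prefix ends in ACCEPT" are assumptions made for illustration.

```python
import re

# Constructed sample log: line 1 follows the entry quoted in the thread
# (host, MAC and DST were redacted as "xxx"); lines 2-3 are invented.
SAMPLE_LOG = """\
Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)
Mar 31 05:40:11 xxx kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=xxx SRC=192.0.2.7 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=1201 DF PROTO=TCP SPT=3312 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 31 05:41:30 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx SRC=192.0.2.9 DST=xxx LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4410 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>\S+) (?P<rest>IN=.*)$")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}


def parse_line(line):
    """Split one netfilter LOG line into its prefix, KEY=VALUE fields and flags."""
    m = LINE_RE.search(line)
    if not m:
        return None
    entry = {"prefix": m.group("prefix"), "flags": set()}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            entry[key] = val          # "OUT=" yields an empty string
        elif tok in FLAGS:
            entry["flags"].add(tok)   # bare tokens such as SYN or DF
    return entry


def unexpected_accepts(log_text, expected_ports):
    """Return (SRC, IN, DPT) for accepted inbound SYNs to ports not in expected_ports."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        # Assumption: a log prefix ending in "ACCEPT" marks a packet the ruleset let through.
        if e is None or not e["prefix"].endswith("ACCEPT"):
            continue
        new_conn = (e.get("PROTO") == "TCP" and "SYN" in e["flags"]
                    and "ACK" not in e["flags"])
        # An empty OUT= means the packet was addressed to this host, not forwarded.
        if new_conn and e.get("OUT") == "" and int(e["DPT"]) not in expected_ports:
            hits.append((e["SRC"], e["IN"], int(e["DPT"])))
    return hits


if __name__ == "__main__":
    for src, iface, port in unexpected_accepts(SAMPLE_LOG, expected_ports={22}):
        print(f"accepted new connection from {src} on {iface} to port {port}")
```

Each hit is a port to compare against the services the firewall configuration is meant to open on that interface.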
