Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] Odd FW Log
  • From: Armin Schoech <armin.schoech@xxxxxx>
  • Date: Wed, 31 Mar 2004 13:31:14 +0000 (GMT)
  • Message-id: <Pine.LNX.4.58.0403311328400.13346@xxxxxxxxxxxxxxxxxxxxx>
Hi Tom,

> Question:
> Why am I seeing these connections being acceppted and dropped on port 1433??
>
> Log (grepped):
> Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx
> SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF
> PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> (0204056401010402)
>
This is very normal scanning that is going on all the time as soon as
you connect a machine to the internet. A quick search with Yahoo
gave the link:
http://www.seifried.org/security/ports/1000/1433.html

Port 1433 is MS SQL. Someone is trying whether you are running a MS
SQL-server. If one is found, an attack will be launched to find
whether it is vulnerable.

Nothing to worry about as long as you run your firewall and shut down
all ports that you don't need.

HTH,
Armin

--
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50

< Previous Next >
Follow Ups
References