Tobias
Are you sure that's all there is? I'm missing the destination port number. 61417 is the source port. The destination port could tell us what the packet was supposed to achieve.
Yes... that's all I can see.
The rise in those numbers is their expected behaviour, since the source port is allocated by the IP masquerading code and the IP ID, used to distinguish IP packets from one another, seems to change in the same fashion in the Linux TCP/IP stack.
Yes
Well, why do you have ipchains rules configured to block that traffic
Just to block the high ports.
and what is generating it, those are the questions to be answered.
Yes, that's the part that I'm trying to understand :) I've disabled most services and used harden_suse to kill off the inetd daemon and most other things.
Thanks
-- Richard