Hi Tom,
Question: Why am I seeing these connections being acceppted and dropped on port 1433??
Log (grepped): Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)
This is very normal scanning that is going on all the time as soon as you connect a machine to the internet. A quick search with Yahoo gave the link: http://www.seifried.org/security/ports/1000/1433.html Port 1433 is MS SQL. Someone is trying whether you are running a MS SQL-server. If one is found, an attack will be launched to find whether it is vulnerable. Nothing to worry about as long as you run your firewall and shut down all ports that you don't need. HTH, Armin -- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50