-----Original Message-----
From: Joe Morris (NTM) [mailto:Joe_Morris@ntm.org]
Sent: 31 March 2004 15:20
To: suse-security@suse.com
Subject: Re: [suse-security] Odd FW Log

On 03/31/2004 09:12 PM, Tom Knight wrote:
Question: Why am I seeing these connections being accepted and dropped on port 1433??
Log (grepped):
Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)
Mar 31 05:37:02 xxx kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=xxx SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)
I remember seeing that before when I ran 8.0. I believe you should check for a SuSEfirewall2 update. I am pretty sure it is a buglet in the script related to logging, i.e. the packets are being dropped, but I know updating it fixed that problem for me. It is a noarch rpm, you could check if a newer version's rpm would work, or rebuild the package for your box.
Hmm, interesting. I have all the SLES 8 updates applied, but I'll grab the SUSE support people and see if they have any news on this.
Ta,
Tom.
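
Added example (not part of the original thread, and not SuSEfirewall2 code): a small Python check that finds packets logged with more than one firewall verdict, such as the ACCEPT/DROP-DEFAULT pair quoted above. It assumes that SRC, DST, PROTO, ID, SPT and DPT together identify one packet within a log file; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# First two lines are the entries quoted in the thread; the last two are
# constructed (documentation-range addresses) to show non-conflicting traffic.
SAMPLE_LOG = """\
Mar 31 05:37:02 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)
Mar 31 05:37:02 xxx kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=xxx SRC=66.7.157.125 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=59278 DF PROTO=TCP SPT=44435 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204056401010402)
Mar 31 05:40:11 xxx kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC=xxx SRC=192.0.2.10 DST=xxx LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=1201 DF PROTO=TCP SPT=40000 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 31 05:41:30 xxx kernel: SuSE-FW-ACCEPT IN=eth1 OUT= MAC=xxx SRC=192.0.2.20 DST=xxx LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=777 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Verdict is the first token after the SuSE-FW- prefix (ACCEPT, DROP, ...).
LINE_RE = re.compile(r"kernel: SuSE-FW-(?P<verdict>[A-Z]+)\S* (?P<fields>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")
# Assumption: these fields together identify one packet within a log file.
PACKET_KEY = ("SRC", "DST", "PROTO", "ID", "SPT", "DPT")


def conflicting_verdicts(log_text):
    """Return {packet_key: [verdicts]} for packets logged with more than one verdict."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a SuSEfirewall2 log entry
        fields = dict(FIELD_RE.findall(m.group("fields")))
        key = tuple(fields.get(name, "") for name in PACKET_KEY)
        seen[key].add(m.group("verdict"))
    return {key: sorted(v) for key, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for key, verdicts in conflicting_verdicts(SAMPLE_LOG).items():
        print(dict(zip(PACKET_KEY, key)), "logged as", " and ".join(verdicts))
```

A packet reported here was logged by two different rules, which is what a logging-only bug would look like; whether it was actually delivered still has to be confirmed on the host, for example by checking whether anything is listening on the destination port.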