-----Original Message----- From: Peer Stefan [mailto:stefan.peer@tiwag.at] Sent: 31 March 2004 15:20 To: suse-security@suse.com Subject: RE: [suse-security] Odd FW Log
Hi,
From: Tom Knight [mailto:thomas.knight@ahds.ac.uk] I have no problem with people scanning me, it's the "SuSE-FW-ACCEPT" bit that makes me concerned... I though that that meant the packet had been accepted (and passed through) the firewall, or am I misinter- preting this?
Do you have FW_ALLOW_INCOMING_HIGHPORTS_TCP or FW_ALLOW_INCOMING_HIGHPORTS_UDP set to yes? If so, then it's normal behaviour. A high port is any port higher than 1023, which includes 1433.
Hmm... FW_ALLOW_INCOMING_HIGHPORTS_TCP="no" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" No, the machnes mentioned in the logs aren't my name servers! As it happens the packets that are reported as coming in are TCP (not UDP) so even if my DNS config was screwed that part shouldn't let them in ;-) Ta, Tom.