
Hi jdd

On 2001.08.29 20:01:22 +0100 jdd wrote:
looking at the sure personal firewall (set as default, my server offers no service for outside) log, I found this:
(isdn connection)
Aug 28 23:19:54 phoenix kernel: OPEN: 192.168.0.1 -> 212.27.32.5 UDP, port: 61171 -> 53
my ISP's DNS
Aug 28 23:19:54 phoenix kernel: ippp0: dialing 1 0868929898...
phone call
Aug 28 23:19:55 phoenix kernel: isdn_net: ippp0 connected
Aug 28 23:21:20 phoenix kernel: Packet log: rulchain REJECT ippp0 PROTO=6 213.228.8.211:2454 213.228.41.113:80 L=48 S=0x00 I=435 F=0x4000 T=123 SYN (#17)
Aug 28 23:21:24 phoenix kernel: Packet log: rulchain REJECT ippp0 PROTO=6 213.228.8.211:2454 213.228.41.113:80 L=48 S=0x00 I=985 F=0x4000 T=123 SYN (#17)
Aug 28 23:21:28 phoenix kernel: Packet log: rulchain REJECT ippp0 PROTO=6 213.228.8.211:2454 213.228.41.113:80 L=48 S=0x00 I=1892 F=0x4000 T=123 SYN (#17)
What are these three rejected connections? nslookup shows that the 213.... machines are two of my ISP's machines, so it seems legal. May I cause a problem by rejecting these things? Port 80 is ftp????
Such rejects are found sometimes, just after connections, but not always.
Port 80 is http / www. One of the IP addresses is you - probably the second one. If you are using dynamic IP, your ISP will assign one of these to you each time you connect, so it will change each time you call your ISP.

These packets are to do with connecting to a webserver. Since you say you don't run any external services, this is someone else on your ISP looking to see if you have a webserver running. Most likely a Code Red attack attempt or similar.

If you don't run a webserver, you shouldn't break anything by REJECTing these packets.

HTH
Maf.
thanks jdd
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't." - Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
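
Added example, not part of the original thread: a small parser for the ipchains "Packet log" lines quoted above that groups blocked TCP SYNs by source and destination address and port, which shows that the three REJECT entries share one flow (source port 2454 each time, only the IP ID changes). The function and field names are this example's own; the sample input is the log from the post with each entry on one line.

```python
import re
from collections import defaultdict

# ipchains "Packet log" layout as it appears in the post:
# chain action iface PROTO=n src:port dst:port L= S= I= F= T= [SYN] (#rule)
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>\S+) I=(?P<ipid>\d+) F=(?P<frag>\S+) "
    r"T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)$"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

# Log lines from the post, one entry per line.
SAMPLE = """\
Aug 28 23:19:55 phoenix kernel: isdn_net: ippp0 connected
Aug 28 23:21:20 phoenix kernel: Packet log: rulchain REJECT ippp0 PROTO=6 213.228.8.211:2454 213.228.41.113:80 L=48 S=0x00 I=435 F=0x4000 T=123 SYN (#17)
Aug 28 23:21:24 phoenix kernel: Packet log: rulchain REJECT ippp0 PROTO=6 213.228.8.211:2454 213.228.41.113:80 L=48 S=0x00 I=985 F=0x4000 T=123 SYN (#17)
Aug 28 23:21:28 phoenix kernel: Packet log: rulchain REJECT ippp0 PROTO=6 213.228.8.211:2454 213.228.41.113:80 L=48 S=0x00 I=1892 F=0x4000 T=123 SYN (#17)
"""

def parse(text):
    """Return a dict per packet-log line; other kernel messages are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["syn"] = rec["syn"] is not None
        rec.update({k: int(rec[k]) for k in INT_FIELDS})
        records.append(rec)
    return records

def blocked_syn_flows(records):
    """Group blocked TCP SYNs by (src, sport, dst, dport).

    Several entries under one key are repeats of the same connection
    attempt, not separate probes.
    """
    flows = defaultdict(list)
    for r in records:
        if r["proto"] == 6 and r["syn"] and r["action"] in ("REJECT", "DENY"):
            flows[(r["src"], r["sport"], r["dst"], r["dport"])].append(r["ts"])
    return dict(flows)

if __name__ == "__main__":
    for flow, times in blocked_syn_flows(parse(SAMPLE)).items():
        print(flow, len(times), "SYNs at", times)
```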