It is embarassing.....:( I will do that again if the problem happened again. I will grep correctly. Thank you... --- Ian David Laws wrote:

Hi Prabu

you see that it is ssh if you look at the destination port DST it is 22 or SSH .

Ian

---------- Forwarded Message ----------

Subject: RE: [suse-security] My SuSEFirewall blocks something than my LAM can not surfing in internet anymore. Date: Fri, 28 Feb 2003 06:01:33 -0800 (PST) From: Prabu Subroto To: SuSE Security Milis

Dear Peer....

I tried the command line from you. But the output is empty... I grep nothing...

I will repeat this threat from you if the problem comes again. Btw, how can you know that what I send to you was only ssh?

Please help me, I am stucked...

--- Peer Stefan wrote:

...

Hi Prabu,

Sorry to say so, but this trace shows nothing more than a connection-trace of your ssh-session (DPT=22 ...). Don't tail /var/log/messages, it's quite big and gets filled really fast. Do a "cat /var/log/messages|grep DTP=80|grep -v DST=192.168.23.10" in order to get all the outgoing http-stuff.

so long, Stefan

btw. I'm called Stefan - it's a bit queer here in Austria, we always put the last name in front ;-)

...

From: Prabu Subroto

[mailto:prabu_subroto@yahoo.com]

...

Dear my friend, Peer...

Today morning, it happened again. I follow your

advice

...

and this is the 60 lines of my "/var/log/messages" file: " proxy:/var/log # tail -n 60 messages Feb 27 14:04:49 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= MAC=00:50:bf:77:77:d5:00:50:bf:77:80:49:08:00 SRC=192.168.23.237 DST=192.168.23.10 LEN=52

TOS=0x10

...

PREC=0x00 TTL=64 ID=4343 DF PROTO=TCP SPT=1132

DPT=22

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

__________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/