On Sunday 19 January 2003 4:19 pm, fsanta wrote:
Jan 18 17:12:22 altea1 kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:05:5d:47:bc:33:00:60:68:81:10:c7:08:00 SRC=211.46.223.114 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=101 ID=21212 DF PROTO=TCP SPT=3049 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
What happens with port 1433? Can someone interpret this for us?
Thanks, Steve.
Steve, a whois 211.46.233.114 gets you this:

IP Address : 211.46.216.0-211.46.223.255
Network Name : ULSANEDU
Connect ISP Name : PUBNET
Connect Date : 20000111
Registration Date : 20000131

[ Organization Information ]
Orgnization ID : ORG91609
Org Name : ULSAN METROPOLITAN OFFICE OF EDUCATION
State : ULSAN
Address : 193-1Shinjung3-dongNam-gu
Zip Code : 680-013

[ Admin Contact Information]
Name : Sunii Lee
Org Name : ULSAN METROPOLITAN OFFICE OF EDUCATION
State : ULSAN
Address : 193-1Shinjung3-dongNam-gu
Zip Code : 680-013
Phone : +82-52-270-3804
Fax : +82-52-270-3514
E-Mail : casper@mail.use.go.kr

[ Technical Contact Information ]
Name : Sunii Lee
Org Name : ULSAN METROPOLITAN OFFICE OF EDUCATION
State : ULSAN
Address : 193-1Shinjung3-dongNam-gu
Zip Code : 680-013
Phone : +82-52-270-3804
Fax : +82-52-270-3514
E-Mail : casper@mail.use.go.kr

--------------------------------------------------------------------------------
If the above contacts are not rechable, please see the following ISP contacts for relevant information or network abuse complaints.

[ ISP IP Admin Contact Information ]
Name : YOUNGHWAN KIM
Phone : +82-2-710-1416
Fax : +82-2-702-4233
E-Mail : abuse@pubnet.ne.kr

[ ISP IP Tech Contact Information ]
Name : JAESIK KIM
Phone : +82-2-710-1416
Fax : +82-2-702-4233
E-Mail : ip@pubnet.ne.kr

[ ISP Network Abuse Contact Information ]
Name : .
Phone : +82-2-710-1416
Fax : .
E-Mail : abuse@pubnet.ne.kr

A quick translation of your output is that someone in Korea, most likely a porno place of some sort, has hit your subnet host of 192.168.1.2 via port 1433. The protocol is TCP/IP and their source port was 3049. Looks like you need to work on your firewall to stop such things if they are uninvited guests. For instance, my Shorewall Firewall blocks all attempts to contact any of my subnet from the Internet with a DROP. If you need more info on the firewall, go look at shorewall.net and read the Quickstart Users Guide.

ra
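As an added illustration (not part of the original posts), the Python below parses the logged line field by field and decodes its TCP option bytes. It shows the entry is a bare SYN to DPT=1433, the port registered for Microsoft SQL Server, logged under a rule name ending in ACCEPT. The function names are hypothetical, and reading a prefix that ends in ACCEPT as "allowed" is an assumption based on the SuSE-FW-ACCEPT label in the log.

```python
import re

# The log line quoted in the thread above, with the syslog timestamp and host trimmed.
LINE = ("kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:05:5d:47:bc:33:00:60:68:81:10:c7:08:00 "
        "SRC=211.46.223.114 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=101 "
        "ID=21212 DF PROTO=TCP SPT=3049 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 "
        "OPT (020405B401010402)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_netfilter(line):
    """Split a netfilter LOG line into rule prefix, KEY=value fields, TCP flags, options."""
    head, sep, rest = line.partition(" IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line")
    rec = {"prefix": (head.split() or [""])[-1], "flags": [], "opt": b""}
    opt = re.search(r"OPT \(([0-9A-Fa-f]*)\)", rest)
    if opt:
        rec["opt"] = bytes.fromhex(opt.group(1))
        rest = rest[:opt.start()]
    for tok in ("IN=" + rest).split():
        if "=" in tok:
            rec.update([tok.split("=", 1)])
        elif tok in TCP_FLAGS:
            rec["flags"].append(tok)
    return rec

def decode_tcp_options(raw):
    """Walk TCP options: kind 0 (EOL) and 1 (NOP) are one byte, the rest kind/len/data."""
    out, i = [], 0
    while i < len(raw) and raw[i] != 0:
        if raw[i] == 1:
            out.append("NOP")
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            out.append("malformed")
            break
        value = int.from_bytes(raw[i + 2:i + length], "big")
        out.append({2: f"MSS={value}", 4: "SACK-permitted"}.get(raw[i], f"kind-{raw[i]}"))
        i += length
    return out

def accepted_new_inbound(rec):
    """True if the rule ACCEPTed a bare SYN (a new connection) arriving on an interface."""
    return bool(rec["prefix"].endswith("ACCEPT") and rec.get("IN")
                and not rec.get("OUT") and rec["flags"] == ["SYN"])

if __name__ == "__main__":
    print(accepted_new_inbound(parse_netfilter(LINE)), decode_tcp_options(parse_netfilter(LINE)["opt"]))
```

The 8 option bytes account for LEN=48: a 20-byte IP header, a 20-byte TCP header and 8 bytes of options.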