
The 02.12.05 at 01:47, Anders Johansson wrote:
The only other instances I can find in a google search are also from people in Spain. They say it's their ISP that scans the port. Could that be true in your case also? Could it be that you all have the same ISP, and that you were issued some windows based software that listens on that port?! Just a thought.
Well, I'm not running any windows software, but yes, most attempts come from IPs assigned to that provider, but to clients like me. But some come from all around the world, it depends on the hour. Now that you say... yes, most attempts to that port come form IPs from my provider. Yes, that must be it, I'm close to them. That explains it.
Usually, the firewall reject them, but you can see in the log below it accepted some packets (although there was no response, according to iptraf), and that worries me a little. Why some times the firewall accepts them, and some times reject them? (that's the OT question O:-) by the way)
Do you have examples of port 5327 being REJECTed? From the log you posted it just looks like you're allowing high ports in your firewall, but blocking the low ports.
That's right. But I thought "SuSE-FW-DROP-DEFAULT" meant rejected, or at least, ignored. In fact, these are my rules for high ports: FW_ALLOW_INCOMING_HIGHPORTS_TCP="no" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" -- Cheers, Carlos Robinson