* fsanta;
Jan 18 17:12:22 altea1 kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:05:5d:47:bc:33:00:60:68:81:10:c7:08:00 SRC=211.46.223.114 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=101 ID=21212 DF PROTO=TCP SPT=3049 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
What happens with port 1433? Can someone interpret this for us?
    toganm@earth:~> grep 1433 /etc/services
    ms-sql-s 1433/tcp # Microsoft-SQL-Server
    ms-sql-s 1433/udp # Microsoft-SQL-Server

Are you running one? If not, no worry.

On the other hand, many of the services (ports) are explained as which service runs on them in /etc/services. Checking it first can give you an idea before getting into the panic state.

Using http://isc.incidents.org/ can give you a basic idea of what is going on worldwide in terms of the attacked ports. Furthermore, if you use http://www.dshield.org and one of the clients for log upload, then based on the behavior of the attacking IP you can have Dshield send abuse reports to the respective ISPs.

Another option is using http://analyzer.securityfocus.com/ and using Extractor, uploading the logs where you can analyze in detail.

But most importantly, if you are running a firewall you need to understand what they mean:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html

So there is lots of good stuff in these links; you should be able to solve the future logs.

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
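Added example, not part of the original messages: a small Python parser that does the lookup described in the reply on the exact log line from the question, and also reads the TCP flags and the `OPT (...)` bytes. The function names are hypothetical, and the services table is constructed from the two `/etc/services` lines shown in the reply.

```python
import re
# Constructed inputs: the /etc/services lines from the reply, the log line from the question.
SERVICES = "ms-sql-s 1433/tcp # Microsoft-SQL-Server\nms-sql-s 1433/udp # Microsoft-SQL-Server\n"
LOG_LINE = ("Jan 18 17:12:22 altea1 kernel: SuSE-FW-ACCEPT IN=eth0 OUT= "
            "MAC=00:05:5d:47:bc:33:00:60:68:81:10:c7:08:00 SRC=211.46.223.114 "
            "DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=101 ID=21212 DF PROTO=TCP "
            "SPT=3049 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
OPTION_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK-permitted", 8: "Timestamp"}

def load_services(text):
    """Map (port, proto) -> service name from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table[(int(port), proto.lower())] = fields[0]
    return table

def decode_tcp_options(hexstr):
    """Decode the hex blob after OPT into readable TCP option names."""
    data, out, i = bytes.fromhex(hexstr), [], 0
    while i < len(data) and data[i] != 0:      # kind 0 ends the list
        if data[i] == 1:                       # NOP is a single padding byte
            out.append("NOP")
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            out.append("malformed")            # length byte missing or out of range
            break
        value = data[i + 2:i + data[i + 1]]
        name = OPTION_NAMES.get(data[i], f"kind-{data[i]}")
        out.append(f"{name}={int.from_bytes(value, 'big')}" if value else name)
        i += data[i + 1]
    return out

def parse_fw_line(line, services):
    """Split one netfilter LOG line into the fields needed for triage."""
    m = re.search(r"kernel: (\S+) (.*)", line)
    if not m:
        return None
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", m.group(2))
    tokens = re.sub(r"OPT \(.*?\)", "", m.group(2)).split()
    kv = dict(t.split("=", 1) for t in tokens if "=" in t)
    proto, dpt = kv.get("PROTO", "").lower(), int(kv.get("DPT", 0))
    return {"action": m.group(1), "src": kv.get("SRC"), "proto": proto, "dpt": dpt,
            "service": services.get((dpt, proto), "unknown"),
            "flags": [t for t in tokens if t in TCP_FLAGS],
            "options": decode_tcp_options(opt.group(1)) if opt else []}
```

On the line from the question this reports a lone SYN (a new inbound connection attempt) to ms-sql-s, logged under the `SuSE-FW-ACCEPT` prefix, with options MSS=1460, NOP, NOP, SACK-permitted.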