Thank you for the Google reference, it was interesting reading. I see that you have abandoned using the Linux firewall in favor of a hardware firewall. All my networks that are networked to the internet are behind a firewall router. In one case, just NAT but in the rest they are packet inspecting firewalls. These are very small networks. In one network, the server is mission critical and has no need to access the internet except for updates and when I am on it looking for something. I am wondering if there is any benefit in activating the Linux firewall on that server even though it's behind a hardware firewall. We have had no problems with intruders coming through the firewall up until now, but a firewall log on one network reveals that it receives about 500 port probes every day (not the list of ports, just one or two) many of which are related to Trojans port addresses. The source IP addresses are unique so I am assuming they are just script-kiddies. Do you think I am sufficiently safe or should I take additional measures to insure the safety of the server? Thanks Buck -----Original Message----- From: del-SLE [mailto:suse-linux-e@foodel.demon.co.uk] Sent: Saturday, October 04, 2003 9:46 AM To: suse-linux-e@suse.com Subject: Re: [SLE] Martian source On Saturday 04 Oct 2003 13:25, Carlos E. R. wrote:
That's why they named them "martian" source.
It must be some new worm, virus, or whatever.
It is not a worm or virus! It's something to do with firewalling and localhost, I looked into this a couple of years ago. I've not used the Linux firewall tools for a long time, all hardware walls here now. Google has more info and, I think, that Suse has some on its own help dbase. -- del suse-linux-e -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com