Hello List,

Today I viewed my logs for warnings and other problems with my router, kernel 2.2.19 on SuSE 7.0. Snort alerts me with the following messages:

[**] FTP99cmp [**]
01/25-12:49:02.510018 172.16.2.5:56704 -> 172.16.2.6:1492
UDP TTL:58 TOS:0x0 ID:45067
Len: 8

[**] Back Door [**]
01/25-12:49:02.921419 172.16.2.5:56704 -> 172.16.2.6:1999
UDP TTL:58 TOS:0x0 ID:5981
Len: 8

[**] iNi Killer/Phase Zero/Stealth Spy [**]
01/25-12:49:03.645493 172.16.2.5:56704 -> 172.16.2.6:555
UDP TTL:58 TOS:0x0 ID:27091
Len: 8

[**] Remote Grab [**]
01/25-12:49:04.464164 172.16.2.5:56704 -> 172.16.2.6:7000
UDP TTL:58 TOS:0x0 ID:16456
Len: 8

[**] Shivka-Burka [**]
01/25-12:49:05.683546 172.16.2.5:56704 -> 172.16.2.6:1600
UDP TTL:58 TOS:0x0 ID:28222
Len: 8

[**] Hackers Paradise [**]
01/25-12:49:05.809637 172.16.2.5:56704 -> 172.16.2.6:31
UDP TTL:58 TOS:0x0 ID:65451
Len: 8

[**] Silencer, WebEX [**]
01/25-12:49:06.161501 172.16.2.5:56704 -> 172.16.2.6:1001
UDP TTL:58 TOS:0x0 ID:45491
Len: 8

[**] Ripper Pro [**]
01/25-12:49:06.525815 172.16.2.5:56704 -> 172.16.2.6:2023
UDP TTL:58 TOS:0x0 ID:18956
Len: 8

[**] Trojan Cow [**]
01/25-12:49:06.558256 172.16.2.5:56704 -> 172.16.2.6:2001
UDP TTL:58 TOS:0x0 ID:60477
Len: 8

[**] Sockets De Troie [**]
01/25-12:49:06.579138 172.16.2.5:56704 -> 172.16.2.6:5000
UDP TTL:58 TOS:0x0 ID:8426
Len: 8

[**] Attempted Sun RPC high port access [**]
01/25-12:49:06.623967 172.16.2.5:56704 -> 172.16.2.6:32771
UDP TTL:58 TOS:0x0 ID:41745
Len: 8

[**] Sockets De Troie [**]
01/25-12:49:06.655303 172.16.2.5:56704 -> 172.16.2.6:5001
UDP TTL:58 TOS:0x0 ID:30473
Len: 8

[**] Hackers Paradise [**]
01/25-12:49:07.470151 172.16.2.5:56704 -> 172.16.2.6:456
UDP TTL:58 TOS:0x0 ID:49981
Len: 8

[**] Back Orifice [**]
01/25-12:49:07.915080 172.16.2.5:56704 -> 172.16.2.6:31337
UDP TTL:58 TOS:0x0 ID:8186
Len: 8

[**] Satanz Backdoor [**]
01/25-12:49:08.362728 172.16.2.5:56704 -> 172.16.2.6:666
UDP TTL:58 TOS:0x0 ID:9630
Len: 8

172.16.2.5 is my router IP; in the firewall I have set TCP and UDP high ports enabled. 172.16.2.6 is a win client in my home LAN.

nmap to the client 172.16.2.6 offers the following open ports:

Port       State       Service
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
445/tcp    open        microsoft-ds
1025/tcp   open        listen
135/udp    open        loc-srv
137/udp    open        netbios-ns
138/udp    open        netbios-dgm
445/udp    open        microsoft-ds
500/udp    open        isakmp

Do I have a problem?

--
Best regards,
Dietmar
mailto:earthmate@gmx.net
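A triage aid for alert bursts like the one in the post above, added here as an example and not part of the original message: it parses Snort alerts in this layout and reports, per source/destination pair, how many signatures and distinct ports fired and over what time span. The regex, the function names and the placeholder year 2000 (the log carries no year) are assumptions; the sample holds four alerts copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Four alerts copied from the post; the parser ignores how they are wrapped.
SAMPLE = """
[**] FTP99cmp [**]
01/25-12:49:02.510018 172.16.2.5:56704 -> 172.16.2.6:1492
UDP TTL:58 TOS:0x0 ID:45067
Len: 8
[**] Back Door [**] 01/25-12:49:02.921419 172.16.2.5:56704 -> 172.16.2.6:1999 UDP TTL:58 TOS:0x0 ID:5981 Len: 8
[**] Sockets De Troie [**] 01/25-12:49:06.579138 172.16.2.5:56704 -> 172.16.2.6:5000 UDP TTL:58 TOS:0x0 ID:8426 Len: 8
[**] Sockets De Troie [**] 01/25-12:49:06.655303 172.16.2.5:56704 -> 172.16.2.6:5001 UDP TTL:58 TOS:0x0 ID:30473 Len: 8
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s*(?P<sig>.+?)\s*\[\*\*\]\s+"
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+TTL:(?P<ttl>\d+)"
)

def parse_alerts(text):
    """Yield one dict per alert, whether alerts are wrapped or run together."""
    for m in ALERT_RE.finditer(text):
        d = m.groupdict()
        # Assumption: the log has no year, so a placeholder leap year is used.
        d["ts"] = datetime.strptime("2000/" + d["ts"], "%Y/%m/%d-%H:%M:%S.%f")
        yield d

def summarize(text):
    """Group alerts by (src, dst, proto) and report port and signature spread."""
    groups = defaultdict(list)
    for a in parse_alerts(text):
        groups[(a["src"], a["dst"], a["proto"])].append(a)
    out = {}
    for key, alerts in groups.items():
        times = [a["ts"] for a in alerts]
        out[key] = {
            "alerts": len(alerts),
            "signatures": len({a["sig"] for a in alerts}),
            "dst_ports": sorted({int(a["dport"]) for a in alerts}),
            "src_ports": sorted({int(a["sport"]) for a in alerts}),
            "ttls": sorted({int(a["ttl"]) for a in alerts}),
            "span_seconds": (max(times) - min(times)).total_seconds(),
        }
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A single source port and TTL spread across many destination ports within a few seconds means the alerts belong to one burst of traffic from one sender and should be judged together, not signature by signature.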