13 Sep
2004
13 Sep
'04
08:25
Hi ! Today, my personal firewall notified my that my PC has been portscanned over the weekend over some higher ports(> 1024). My domain router/gateway is a SuSE 8.0 box with SuSEfirewall2. It is configured so that TCP communications can only pass through several specific ports (like 22, 25, 110, etc). All ports > 1024 are supposed to be blocked. Now I wonder : if my firewall is working as it should, how can I be portscanned ? My logs show no traffic with the IP number that scanned me which is not surprising since I only log denied traffic. Can anybody explain this to me ? Thanks, Jörg