[suse-security] SuSEFirewall 2 / SuSE 8.1 accepting packets it should not
>> checking my logs today I found that my firewall accepts some
>> (not all!)
>> packets to TCP high ports, although I thought I had them all closed.
>> The firewall script is the latest update for 8.1, the system is SuSE
>> 8.1 with all current patches installed. Any ideas?
> Maybe the packets in your log are answer packets to a connection
> your computer initiated. Guess your computer initiates an ftp
> to some computer in the internet. The destination port is the port 21
> of the ftp server, and the source port is e.g. port 1234 of your
No, I definitely did not use FTP or any other protocol which would
listen on the ports where these packets were accepted (the ports are
the Kazaa / eDonkey ports).
> So the answer packet from the ftp server has source port 21, and the
> destination port is the port 1234 of your computer. Do you want the
> firewall to drop this packet?
The source port of the packets is no well-known port, so most likely
this is a Kazaa or eDonkey client which did not recognize that the
dynamic IP was re-issued to my computer when it was in use before for
So I definitely want the firewall to drop ALL these packets, not only
some of them (each second packet, as it seems...)