[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] SuSEFirewall 2 / SuSE 8.1 accepting packets it should not

Hi Uli,

>> checking my logs today I found that my firewall accepts some 
>> (not all!) 
>> packets to TCP high ports, although I thought I had them all closed. 
>> The firewall script is the latest update for 8.1, the system is SuSE 
>> 8.1 with all current patches installed. Any ideas?
> Maybe the packets in your log are answer packets to a connection
> your computer initiated. Guess your computer initiates an ftp
> connection
> to some computer in the internet. The destination port is the port 21
> of the ftp server, and the source port is e.g. port 1234 of your 
> computer.

No, I definitely did not use FTP or any other protocol which would 
listen on the ports where these packets were accepted (the ports are 
the Kazaa / eDonkey ports). 

> So the answer packet from the ftp server has source port 21, and the
> destination port is the port 1234 of your computer. Do you want the
> firewall to drop this packet?

The source port of the packets is no well-known port, so most likely 
this is a Kazaa or eDonkey client which did not recognize that the 
dynamic IP was re-issued to my computer when it was in use before for 
file sharing.

So I definitely want the firewall to drop ALL these packet, not only 
some of them (each second packet, as it seems...)



Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here