Ok. That's correct. Do you know if it happens during normal navigation? I mean,
before that "attack" I had been accessing www.informit.com pages and the ip
adress of the logged packet seemed to come from there (sent through port 80). Is
that posible? What would it correspond to?
Thanks a lot.
Esteve Camps
Steve Shah wrote:
> Do you mean you got a log entry that looked like this?
>
> Mar 19 16:55:09 trillian kernel: Packet log: input DENY eth1 PROTO=6
> 192.168.1.1:34539 192.168.1.2:1433 L=40 S=0x00 I=49099 F=0x0000
> T=49 SYN (#8)
>
> ??
>
> If so, then someone was poking at you. (Not uncommon.) If the kernel
> denied a SYN/ACK and for some reason you can't connect to outside
> hosts from the inside, then you've misconfigured your firewall.
>
> Assuming your IP Masquerading works correctly, it is most likely the
> case that someone was just poking at your firewall to see if something
> would respond at 1433. Don't worry too much -- it isn't uncommon to
> get scanned/poked/prodded from the Internet. (Even if you're connected
> via DSL, cable modem, or just dial up PPP...) Your firewall is kindly
> doing its job and not forwarding that packet to your inside network.
>
> -Steve
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
