Security Incidents mailing list archives
Re: Odd Firewall Entries
From: v.sweeney () DEXTERUS COM (Vincent Sweeney)
Date: Tue, 25 Apr 2000 00:55:41 +0100
----- Original Message -----
From: "Jens Hektor" <hektor () RZ RWTH-AACHEN DE>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: 22 April 2000 05:24
Subject: Re: Odd Firewall Entries

> > Hi, was wondering if anyone has seen the like before and / or knows any more info?
> >
> > Apr 19 11:13:47 kernel: Packet log: input DENY eth0 PROTO=54 137.248.121.114:65535 xxx.xxx.xxx.xxx:65535 L=68 S=0x00 I=0 F=0x0000 T=16 O=0x00000494 (#17)
>
> have seen those PROTO=54 entries too for a longer time. They seem to be correlated to ftp-sessions towards the machine. Is there a ftp-server running on the machine?
>
> Bye, Jens

Well, the server *is* running an ftp server, but that is configured on the firewall to be only accessible from the internal subnet. I have checked my logs and can see no correlation between the PROTO=54 packets and incoming packets directed at the ftp service (on my server anyway).

Vince.