RE: Firewall log with port 65535 question

To: Bill Bell <whbell@ia.net>
Cc: pmfirewall <pmfirewall@pointman.org>, debian-firewall <debian-firewall@lists.debian.org>
Subject: RE: Firewall log with port 65535 question
From: erich.schubert@mucl.de
Date: Wed, 01 Nov 2000 15:26:33 +0100 (CET)
Message-id: <[🔎] 20001101142633.4657.qmail@erich.xmldesign.de>
In-reply-to: <973057112.39ffac586653e@whbell.ia.net>

> I have a Debian / Woody firewall at home and have been getting
> getting the following log reports for a few days.

I have similar log entries on a SuSE Linux box (well i don't care much about
this box, i'll install debian on it sometime...)

I tracked them down to one dialup-user who had problems with FTP.
He was trying to transfer files to out ftp server but it did not work.
I think his windows is broken... because he tried it with some other computer
and it worked; also no other users reported the problem, and he had the same
problem with differen ftp programs.

But i'm not sure wheter it was PROTO=2 as well, i think it was tcp.
 
> Logcheck is finding this on eth0, my internal net, which is just 2 Win98 
> machines.

Expect them to make failures... ;)
 
> -- begin logcheck --
> 
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Oct 31 19:48:43 reboots kernel: Packet log: input DENY eth0 PROTO=2
> 4.0.0.3:65535 227.37.32.1:65535 L=32 S=0x00 I=6912 F=0x0000 T=1 O=0x00000494
> (#39)

Gruß,  Erich

Reply to:

Prev by Date: Re: Firewall log with port 65535 question
Next by Date: Re: Firewall log with port 65535 question
Previous by thread: Re: Firewall log with port 65535 question
Next by thread: Newbie, someone have how-to on from-scratch Debian firewall?
Index(es):
- Date
- Thread