<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/1.1.7">
</HEAD>
<BODY BGCOLOR="#ffffff">
Try 'netstat -apn' . That will tell you which processes are connected to those ports. You can decide from there if you need those ports and processes or not.<BR>
<BR>
Your firewall shouldn't really have any ports open unless you are sending those ports through DNAT to a machine behind the firewall. <BR>
<BR>
If you need ports open, try to restrict, with iptables, who can access those ports.<BR>
<BR>
-d <BR>
<BR>
On Wed, 2003-01-29 at 08:56, Don Collier wrote:
<BLOCKQUOTE TYPE=CITE>
<FONT COLOR="#737373" SIZE="2"><I>Hello all. I have a real quick firewall question. I have seen several hits on my firewall on about 5 separate ports. The repetition of this looks almost virus like on their part. </FONT><BR>
<FONT COLOR="#737373" SIZE="3"> </FONT><BR>
<FONT COLOR="#737373" SIZE="2">The attempts try to get access to ports 3128 6588 80 8080 and 1080. The attempts also come from several different addresses.</FONT><BR>
<FONT COLOR="#737373" SIZE="3"> </FONT><BR>
<FONT COLOR="#737373" SIZE="2">My computer is connected directly to the WAN with no LAN link at all. Only one nic. Running RH 7.3 (fully patched) with iptables fw.</I></FONT>
</BLOCKQUOTE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
-- <BR>
Dave Hahn <<A HREF="mailto:dhahn@techangle.com">dhahn@techangle.com</A>>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>