This has been appearing in our kern.log over the last 4 days. Never had a problem with this particular port before then. Nothing has been changed (AFAIK) to the system. It's Debian, we never have to touch it :-)
Packet log: input DENY eth0 PROTO=1 yyy.y.yy.yy:3 xxx.xx.xxx.xxx:13 L=56 S=0x00 I=29688 F=0x0000 T=244 (#30) It's the :13 part that I found unusual, A little research has revealed that it may be an attempt to fingerprint our system to see what is available. I was lead to believe that this is the Timeday port. Is this correct ? xxx is our public IP address. And yyy is the remote IP address that is making the contact. Many thanks for any ideas. Pete Schmidt Warner Village ################################################################################ This Communication and any files transmitted with it are intended for the named addressee only, are confidential in nature and may contain legally privileged information. The copying or distribution of this communication or any information it contains, by anyone other than the addressee or the person responsible for delivering this communication to the intended addressee, is prohibited. If you receive this communication in error, please advise us by telephone, and then delete the communication. You will be reimbursed for reasonable costs incurred in notifying us. Before you open or use any attachments first check them for viruses and defects. Our liability is limited to resupplying any affected attachments only. ################################################################################
