Re: strange tcpdump traffic

From: David (thunderbolt01_at_netscape.net)
Date: 02/13/04


Date: Fri, 13 Feb 2004 15:19:43 GMT

Michael Wimmer wrote:
> Hi,
>
> we have problems with our internet connection so I look at the traffic
> at our gateway.
>
> There are many requests from a specific address to our internal machine
> running msde (3a). Currently the database is not supposed to be accessed
> from outside.
>
> Could anybody tell me if I should be concerned about this and which
> actions I should take?
>
> 09:45:37.291046 209.248.158.74.nw.nuvox.net.48760 >
> xxx18.xxx.at.ms-sql-s: . ack 1 win 8760 (DF)
> 09:45:37.293020 209.248.158.74.nw.nuvox.net.48760 >
> xxx18.xxx.at.ms-sql-s: . ack 128 win 8634 (DF)
> 09:45:37.293342 209.248.158.74.nw.nuvox.net.48760 >
> xxx18.xxx.at.ms-sql-s: F 166:166(0) ack 128 win 8634 (DF)
>
> 09:46:41.931797 209.248.158.74.nw.nuvox.net.29065 >
> xxx18.xxx.at.ms-sql-s: . ack 128 win 8634 (DF)
> 09:46:41.931866 209.248.158.74.nw.nuvox.net.29065 >
> xxx18.xxx.at.ms-sql-s: F 168:168(0) ack 128 win 8634 (DF)
> 09:46:41.931932 209.248.158.74.nw.nuvox.net.30628 >
> xxx18.xxx.at.ms-sql-s: S 3969673928:3969673928(0) win 8192 <mss 1460> (DF)

Below it looks like your system replied to the request. If the
database system isn't supposed to be accessed from the internet
then I would say your firewall/gateway is misconfigured somewhere.

Possibly at ports:
ms-sql-s 1433/tcp #Microsoft-SQL-Server
ms-sql-s 1433/udp #Microsoft-SQL-Server

> 09:46:41.932046 xxx18.xxx.at.ms-sql-s >
> 209.248.158.74.nw.nuvox.net.29065: . ack 169 win 17352 (DF)
> 09:46:41.932270 xxx18.xxx.at.ms-sql-s >
> 209.248.158.74.nw.nuvox.net.30628: S 10918107:10918107(0) ack 3969673929
> win 17520 <mss 1460> (DF)
>
> I am not the one who set up this machine nor am I in charge of
> maintaining it, but I am the only one available right now. So please
> excuse me if this question reveals some lack of understanding.

-- 
Confucius:  He who play in root, eventually kill tree.
Registered with The Linux Counter.  http://counter.li.org/
Slackware 9.1.0 Kernel 2.4.24 SMP i686 (GCC) 3.3.2
Uptime: 38 days, 20:46, 2 users, load average: 1.14, 1.20, 1.0
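
The check described in the reply above (did the internal host answer an outside SYN on the SQL Server port?) can be run over a whole capture. This is an added example, not part of the original post: it assumes the old tcpdump text format quoted in the thread with each packet on a single line, and the hostnames and the function name `answered_syns` are constructed for illustration.

```python
import re

# Constructed sample in the tcpdump text format quoted in the thread
# (placeholder hostnames, one packet per line).
SAMPLE = """\
09:46:41.931932 ext.example.net.30628 > db.example.at.ms-sql-s: S 3969673928:3969673928(0) win 8192 <mss 1460> (DF)
09:46:41.932270 db.example.at.ms-sql-s > ext.example.net.30628: S 10918107:10918107(0) ack 3969673929 win 17520 <mss 1460> (DF)
09:46:42.100000 ext.example.net.30700 > db.example.at.ms-sql-s: S 500:500(0) win 8192 <mss 1460> (DF)
09:46:42.100200 db.example.at.ms-sql-s > ext.example.net.30700: R 0:0(0) ack 501 win 0
09:46:43.000000 ext.example.net.30800 > web.example.at.ms-sql-s: S 700:700(0) win 8192 <mss 1460> (DF)
"""

# time, src.port > dst.port: flags [seq:seq(len)] [ack N]
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): (?P<flags>\S+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\) ?)?(?:ack (?P<ack>\d+))?"
)

# Port as printed with name resolution (ms-sql-s) or with tcpdump -n (1433).
MSSQL = {"ms-sql-s", "1433"}


def answered_syns(text):
    """Return (time, server, client) for every SYN to the SQL Server port
    that the server answered with a SYN-ACK acknowledging that SYN."""
    pending = {}  # (client, client_port, server) -> sequence number of the SYN
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m["flags"] != "S" or m["seq"] is None:
            continue  # only SYN and SYN-ACK segments matter here
        if m["ack"] is None and m["dport"] in MSSQL:
            pending[(m["src"], m["sport"], m["dst"])] = int(m["seq"])
        elif m["ack"] is not None and m["sport"] in MSSQL:
            syn_seq = pending.pop((m["dst"], m["dport"], m["src"]), None)
            # A SYN-ACK acknowledges the client's initial sequence number + 1.
            if syn_seq is not None and int(m["ack"]) == (syn_seq + 1) % 2**32:
                hits.append((m["ts"], m["src"], m["dst"]))
    return hits


if __name__ == "__main__":
    for ts, server, client in answered_syns(SAMPLE):
        print(f"{ts} {server} accepted a connection on ms-sql-s from {client}")
```

A SYN that is reset or gets no reply is not reported, so any hit means the port is reachable through the gateway.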

