I was looking at my /var/log/messages log and found this entry repeaditly.
It looks like DST was trying to connect to DPT.
I looked up the port (TCP 1433) and it's ms-sql. Im not running ms-sql of course. Im kinda new to iptables but, is this where the packets get logged? can anyone do more analysis on this log entry.
TOS? PREC? WINDOW? RES? SYN?
Aug 28 18:05:40 cvd-bs3-8 kernel: gShield (default drop) IN=eth0 OUT= MAC=00:01:02:83:de:73:00:10:67:00:50:21:08:00 SRC=220.127.116.11 DST=MY_IP LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=40680 DF PROTO=TCP SPT=22486 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0