SuSE Linux: All versions
According to your firewall log entries, the computer turing.suse.de tries to set up a connection from the TCP port 20 to one of your computers. You fear this might be the attack of a hacker.
First basic rule: don't panic. You have probably tried to download data from turing.suse.de. Actually, turing.suse.de is the German FTP server of the company SuSE.
If you are using an active FTP, the FTP server will establish a connection to
your client once the client has sent the command PORT
. This
PORT
command precedes each utilizable data communication via ftp and
is even used when the directory contents of the server are displayed.
By means of the PORT
command, the FTP client signalizes that it accepts
data on a certain TCP/IP port. Since the FTP client is started with normal user permissions,
the reception port is a port larger than 1024.
Most package filter firewalls regard this connection setup as an unauthorized connection attempt from the outside, thus blocking it. Mostly, this attempt is also logged. As a result of this blockage, the ftp transmission does not work. Even though you can login, neither a listing of the directory contents nor a file transfer take place.
The ftp protocol has its origin in the initial days of the Internet, when safety aspects did not play a significant role yet. Meanwhile there is an extension of the ftp protocol, the so-called passive ftp.
Always use passive ftp. In the case of command line-oriented clients, you can
usually switch from the active to the passive mode with the passive
command.
For further information on the ftp protocol, refer to the respective, on line available RFCs: