Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 25 Nov 2001 07:08:33 -0800
From:      "Drew Tomlinson" <drew@mykitchentable.net>
To:        <freebsd-security@freebsd.org>
Subject:   Port 1214 - Is It Used For A Specific Purpose?
Message-ID:  <003001c175c3$0c81a4e0$0b01a8c0@lc.ca.gov>
next in thread | raw e-mail | index | archive | help 
I was looking over my firewall logs this morning and noticed that there
are many attempts to connect to TCP port 1214 from different addresses.
I've searched the web but found no specific mention of any standard
purpose for this port.  I suppose this is some sort of scan but was just
wondering if anyone knows exactly what this is?

I included a snip of my log from two complete attempts.  It's probably
more than is needed but I thought maybe someone might see a pattern that
I'm missing.

Thanks,

Drew

P.S.  192.168.10.2 is my outside interface to my firewall.  I know it is
a private address but it's OK as my ADSL modem/router gets a public
address from my ISP via DHCP and performs NAT for the rest of my
machines.

> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1042 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1043 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 141.157.125.23:1057 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1

> ipfw: 65500 Deny TCP 172.191.120.23:1854 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:1853 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2282 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2283 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2355 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2362 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2447 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1
> ipfw: 65500 Deny TCP 172.191.120.23:2453 192.168.10.2:1214 in via ed1



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003001c175c3$0c81a4e0$0b01a8c0>