Date: Fri, 28 Jun 2002 13:23:54 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Andy Farkas <andyf@speednet.com.au>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: strange connection attempts
Message-ID: <20020628122354.GA9468@happy-idiot-talk.infracaninophi>
In-Reply-To: <Pine.BSF.4.33.0206281758510.32309-100000@backup.af.speednet.com.au>
References: <Pine.BSF.4.33.0206281758510.32309-100000@backup.af.speednet.com.au>

On Fri, Jun 28, 2002 at 06:02:00PM +1000, Andy Farkas wrote:
> Anyone have any idea on what could cause spurts of connection attempts to
> the loopback address:
>
> franky# grep 127.0.0.1 /var/log/all.log | head -3
> Jun 28 15:07:30 <kern.info> franky /kernel: Connection attempt to TCP 127.0.0.1:1214 from 127.0.0.1:4891
> Jun 28 15:07:30 <kern.info> franky /kernel: Connection attempt to TCP 127.0.0.1:1214 from 127.0.0.1:4892
> Jun 28 15:07:30 <kern.info> franky /kernel: Connection attempt to TCP 127.0.0.1:1214 from 127.0.0.1:4893

Something is desperately trying to connect to a program on port 1214.
That's the default port used by KaZaA/Morpheus p2p file sharing
software. Unluckily for you, it's coming from the localhost. Luckily,
nothing is actually listening.

I'd try running

    tcpdump -i lo0 -X port 1214

to see if you can deduce anything from the packet contents. Also, use

    netstat -a
    sockstat

to try and find the processes generating the traffic.

Not to be alarmist, but are you certain of the integrity of your
machine? Time to warm up the LART and check carefully for
unauthorized naughtiness.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
Tel: +44 1628 476614
Fax: +44 0870 0522645
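
Added example, not part of the original message: a small parser for the kernel log lines quoted above that groups loopback-to-loopback connection attempts into bursts, so the port and source-port pattern are visible before reaching for tcpdump or sockstat. The function names, the `min_hits` threshold and the last two sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Line format taken from the log excerpt quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) <kern\.info> (?P<host>\S+) /kernel: "
    r"Connection attempt to (?P<proto>\w+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

SAMPLE_LOG = [
    "Jun 28 15:07:30 <kern.info> franky /kernel: Connection attempt to TCP 127.0.0.1:1214 from 127.0.0.1:4891",
    "Jun 28 15:07:30 <kern.info> franky /kernel: Connection attempt to TCP 127.0.0.1:1214 from 127.0.0.1:4892",
    "Jun 28 15:07:30 <kern.info> franky /kernel: Connection attempt to TCP 127.0.0.1:1214 from 127.0.0.1:4893",
    # The two lines below are constructed sample data, not from the thread.
    "Jun 28 15:07:31 <kern.info> franky /kernel: Connection attempt to TCP 192.0.2.1:22 from 192.0.2.10:40122",
    "Jun 28 15:09:02 <kern.info> franky /kernel: Connection attempt to TCP 127.0.0.1:1214 from 127.0.0.1:4901",
]

def parse(lines):
    """Yield one dict per matching log line, with ports as integers."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["dport"], ev["sport"] = int(ev["dport"]), int(ev["sport"])
            yield ev

def loopback_bursts(lines, min_hits=3):
    """Report (timestamp, dst port) groups of local-to-local attempts."""
    groups = defaultdict(list)
    for ev in parse(lines):
        if ev["src"].startswith("127.") and ev["dst"].startswith("127."):
            groups[(ev["ts"], ev["dport"])].append(ev["sport"])
    bursts = []
    for (ts, dport), sports in sorted(groups.items()):
        if len(sports) < min_hits:
            continue
        sports.sort()
        # Assumption: on a host that allocates ephemeral ports sequentially,
        # consecutive source ports are consistent with one tight retry loop.
        sequential = all(b - a == 1 for a, b in zip(sports, sports[1:]))
        bursts.append({"ts": ts, "dport": dport, "count": len(sports),
                       "sport_range": (sports[0], sports[-1]),
                       "sequential": sequential})
    return bursts

if __name__ == "__main__":
    for burst in loopback_bursts(SAMPLE_LOG):
        print(burst)
```

A reported burst gives the timestamp and destination port to match against the sockstat and tcpdump output suggested in the reply.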