Date: Sun, 3 Jun 2001 08:24:27 +0100 From: Lee Smallbone <lee@kechara.net> To: freebsd-security@freebsd.org Subject: Re: Connections to ports > 1024 Message-ID: <13350.010603@kechara.net> References: <3B193273.B87F743A@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
RS> Hello everyone, RS> thanks to all the ongoing discussions in this group I am learning a lot RS> about securing my freebsd box. RS> When looking through my daily security logs, I see the typical attempts RS> to connect to port 21, which I am rapidly getting used to. Along with RS> that I see attempts to connect with TCP on port 53 (I assume to break a RS> DNS server, like BIND?) - not that I have a DNS running on my systems. RS> What puzzles me more though is that more and more often I see connection attempts to ports >> 1024, like 8000, or 1080. RS> So, just because I am curious, are these people scanning for Trojans? RS> Should I just ignore it - the connections are dropped anyway - or is RS> there something more useful to do? 1080 is your common wingate/proxy port, people are most likely scanning class C subnets for open wingates to use. According to /etc/services, 8000 is for gicq (an ICQ clone?) If you're not running anything on these ports, I wouldn't be too concerned. Best Regards, Lee Smallbone +----------------------------------------------+ | Kechara Internet - Global Reach, Local Touch | +----------------------------------------------+ | Sales: 0800 138 7727 | Support: 01243 869969 | | sales@kechara.net | support@kechara.net | | web: www.kechara.net | Intl: +44 1243 869969 | +----------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13350.010603>