From: "Colin Raven"
To: freebsd-questions@freebsd.org
Date: Sat, 7 Feb 2004 10:22:06 +0100 (CET)
Subject: Repeated connection attempts in daily output
Message-ID: <43003.62.251.72.148.1076145726.squirrel@t-x.dignus.nl>

Greetings all,

In my daily security run output the last few days I'm getting hundreds of connection attempts from this particular IP as shown:

    Connection attempt to TCP 217.xxx.xxx.xxx:6881 from 12.215.41.59:1519 flags:0x02

All appear to be unsuccessful BTW. Traceroute shows this to be a Mediacom customer, somewhere I think in the DC or related area, not that it matters - but in the spirit of prudent inquiry.

The well-known ports number list from iana.org shows port 1519 as follows:

    vpvd 1518/udp Virtual Places Video data
    vpvc 1519/tcp Virtual Places Video control

but there's no mention of 6881. 0x02 are - I guess - command switches or flags of some kind, though I don't know what they are.

Has anyone seen this specific pattern of attempted connections on these port numbers before? I'm blocking this IP at my firewall of course but curiosity compels me to ask the question nonetheless.

Regards & TIA,
-Colin
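An added example, not part of the original message: a small Python parser for the log line format quoted above. It decodes the `flags:` value as the TCP header flag bits (0x02 is SYN alone, the opening packet of a connection attempt) and tallies attempts per source address and destination port. Only the first sample line comes from the message; the others are constructed, and the UDP line assumes the same format without a flags field.

```python
import re
from collections import Counter

# TCP header flag bits, lowest bit first.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# "to" is the local address:port that was probed; "from" is the remote
# address and the source port it happened to use for this attempt.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\w.]+):(?P<dport>\d+) from "
    r"(?P<src>[\d.]+):(?P<sport>\d+)"
    r"(?: flags:(?P<flags>0x[0-9a-fA-F]+))?")

def decode_flags(value):
    """Return the names of the TCP flag bits set in value."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"], rec["sport"] = int(rec["dport"]), int(rec["sport"])
    rec["flag_names"] = decode_flags(int(rec["flags"], 16)) if rec["flags"] else []
    return rec

def summarize(lines):
    """Count attempts keyed by (source, protocol, destination port, flags)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            flags = "+".join(rec["flag_names"]) or "-"
            counts[(rec["src"], rec["proto"], rec["dport"], flags)] += 1
    return counts

SAMPLE = [
    # Line quoted in the message above.
    "Connection attempt to TCP 217.xxx.xxx.xxx:6881 from 12.215.41.59:1519 flags:0x02",
    # Constructed lines (documentation address ranges where new addresses are needed).
    "Connection attempt to TCP 217.xxx.xxx.xxx:6881 from 12.215.41.59:1520 flags:0x02",
    "Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:4312 flags:0x12",
    "Connection attempt to UDP 192.0.2.10:137 from 198.51.100.7:1026",
    "Feb  7 03:01:00 host sshd[123]: unrelated line",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Grouping by destination port rather than source port keeps repeated attempts from one host together, since the source port changes with each new attempt.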