From owner-freebsd-security Mon Jul 24 16:18:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.houston.rr.com (sm2.texas.rr.com [24.93.35.55]) by hub.freebsd.org (Postfix) with ESMTP id 18A0837B55A for ; Mon, 24 Jul 2000 16:18:30 -0700 (PDT) (envelope-from shocking@houston.rr.com) Received: from bleep.craftncomp.com ([24.27.77.164]) by mail.houston.rr.com with Microsoft SMTPSVC(5.5.1877.357.35); Mon, 24 Jul 2000 18:17:21 -0500 Received: from bloop.craftncomp.com (bloop.craftncomp.com [202.12.111.1]) by bleep.craftncomp.com (8.9.3/8.9.3) with ESMTP id SAA15669; Mon, 24 Jul 2000 18:14:19 -0500 (CDT) (envelope-from shocking@houston.rr.com) Received: from bloop.craftncomp.com (localhost [127.0.0.1]) by bloop.craftncomp.com (8.9.3/8.9.3) with ESMTP id SAA01912; Mon, 24 Jul 2000 18:14:09 -0500 (CDT) (envelope-from shocking@bloop.craftncomp.com) Message-Id: <200007242314.SAA01912@bloop.craftncomp.com> X-Mailer: exmh version 2.1.1 10/15/1999 To: security@freebsd.org, sage-au@sage-au.org.au Subject: Script kiddies and their port scans Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 24 Jul 2000 18:14:09 -0500 From: Stephen Hocking Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Checking the firewall logs I see various attempts to connect to rather unusual ports on my box - does anyone now what the following are? 27374 1243 98 - This comes up as TACNEWS in /etc/services 143 imap2 Are the two unknown ones some BackOrifice port or part of the common backdoors left behind by these twerps? Stephen -- The views expressed above are not those of PGS Tensor. "We've heard that a million monkeys at a million keyboards could produce the Complete Works of Shakespeare; now, thanks to the Internet, we know this is not true." Robert Wilensky, University of California To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message