From owner-freebsd-security Mon Jul 24 16:23:19 2000
From: "Nick Loman"
Date: Tue, 25 Jul 2000 00:18:10 +0100 (BST)
To: security@freebsd.org
Subject: Re: Script kiddies and their port scans
In-Reply-To: <200007242314.SAA01912@bloop.craftncomp.com>

On Mon, 24 Jul 2000, Stephen Hocking wrote:

> Checking the firewall logs I see various attempts to connect to rather unusual
> ports on my box - does anyone know what the following are?
>
>
> 27374
>
> 1243
>
> 98 - This comes up as TACNEWS in /etc/services
>
> 143 imap2
>
> Are the two unknown ones some BackOrifice port or part of the common backdoors
> left behind by these twerps?

I have a similar question, but the port I saw was 1236

/etc/services says:

rmtcfg 1236/tcp # Gracilis Packeten remote config server

(though I obviously don't run any such thing)

Nick.