Date: Mon, 24 Jul 2000 20:08:45 -0400 From: Webbie <webbie@everyday.cx> To: "Nick Loman" <nick@loman.net> Cc: security@freebsd.org Subject: Re[2]: Script kiddies and their port scans Message-ID: <4554750266.20000724200845@everyday.cx> In-Reply-To: <Pine.BSF.4.21.0007250017100.48192-100000@slip.csosl.co.uk> References: <Pine.BSF.4.21.0007250017100.48192-100000@slip.csosl.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Nick, This url might help. http://www.robertgraham.com/pubs/firewall-seen.html Monday, July 24, 2000, 7:18:10 PM, you wrote: NL> On Mon, 24 Jul 2000, Stephen Hocking wrote: >> Checking the firewall logs I see various attempts to connect to rather unusual >> ports on my box - does anyone now what the following are? >> >> >> 27374 >> >> 1243 >> >> 98 - This comes up as TACNEWS in /etc/services >> >> 143 imap2 >> >> Are the two unknown ones some BackOrifice port or part of the common backdoors >> left behind by these twerps? NL> I have a similar question, but the port I saw was 1236 NL> /etc/services says: rmtcfg 1236/tcp # Gracilis Packeten remote config NL> server NL> (though I obviously don't run any such thing) NL> Nick. NL> To Unsubscribe: send mail to majordomo@FreeBSD.org NL> with "unsubscribe freebsd-security" in the body of the message -- Webbie \\|// (o o) +-------------------------oOOo-(_)-oOOo-----------------------------+ EMail : mailto:webbie(at)everyday(dot)cx PGP Key : http://www.everyday.cx/pgpkey.txt PGP Fingerprint: 0B9F E081 35CD B9AF 58EA 7E43 38EC C84F 4AB4 792C +-------------------------------------------------------------------+ not properly grounded, please bury computer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4554750266.20000724200845>