From owner-freebsd-security  Mon Jul 24 17: 8:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.everyday.cx (cr308584-a.wlfdle1.on.wave.home.com [24.114.52.208])
	by hub.freebsd.org (Postfix) with ESMTP id E708637B51E
	for <security@freebsd.org>; Mon, 24 Jul 2000 17:08:50 -0700 (PDT)
	(envelope-from webbie@everyday.cx)
Received: from apollo (apollo.objtech.com [192.168.111.5])
	by mail.everyday.cx (Postfix) with ESMTP
	id CEC8C49B5; Mon, 24 Jul 2000 20:08:45 -0400 (EDT)
Date: Mon, 24 Jul 2000 20:08:45 -0400
From: Webbie <webbie@everyday.cx>
X-Mailer: The Bat! (v1.44) Personal
Reply-To: Webbie <webbie@everyday.cx>
X-Priority: 3 (Normal)
Message-ID: <4554750266.20000724200845@everyday.cx>
To: "Nick Loman" <nick@loman.net>
Cc: security@freebsd.org
Subject: Re[2]: Script kiddies and their port scans
In-reply-To: <Pine.BSF.4.21.0007250017100.48192-100000@slip.csosl.co.uk>
References: <Pine.BSF.4.21.0007250017100.48192-100000@slip.csosl.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello Nick,

This url might help.

http://www.robertgraham.com/pubs/firewall-seen.html

Monday, July 24, 2000, 7:18:10 PM, you wrote:

NL> On Mon, 24 Jul 2000, Stephen Hocking wrote:

>> Checking the firewall logs I see various attempts to connect to rather unusual 
>> ports on my box - does anyone now what the following are?
>> 
>> 
>> 27374
>> 
>> 1243
>> 
>> 98 - This comes up as TACNEWS in /etc/services
>> 
>> 143 imap2
>> 
>> Are the two unknown ones some BackOrifice port or part of the common backdoors 
>> left behind by these twerps?

NL> I have a similar question, but the port I saw was 1236

NL> /etc/services says: rmtcfg 1236/tcp # Gracilis Packeten remote config
NL> server

NL> (though I obviously don't run any such thing)

NL> Nick.




NL> To Unsubscribe: send mail to majordomo@FreeBSD.org
NL> with "unsubscribe freebsd-security" in the body of the message




-- 
Webbie
                              \\|//
                              (o o)               
+-------------------------oOOo-(_)-oOOo-----------------------------+
 EMail          : mailto:webbie(at)everyday(dot)cx
 PGP Key        : http://www.everyday.cx/pgpkey.txt
 PGP Fingerprint: 0B9F E081 35CD B9AF 58EA  7E43 38EC C84F 4AB4 792C
+-------------------------------------------------------------------+
not properly grounded, please bury computer




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message