Date: Tue, 14 Sep 1999 10:52:31 +0200 (CEST)
From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
To: freebsd-security@freebsd.org
Subject: udp ports (scan?)
Message-ID: <199909140852.KAA40269@gil.physik.rwth-aachen.de>

I was observing packet loss in our local network and while first
blaming general network overload I found that the packet loss
concentrates on a FreeBSD (3.2) machine while pinging at other hosts
in the same network doesn't show the packet loss.

During further examining this I started tcpdump on another machine with

    tcpdump host htobecontrld and ip proto ICMP

and running it over one day or so I caught some icmp packets.

htobecontrld is the host I was examining.
ournameserver was obviously the source of some requests sent to
my host-to-be-controlled which answered with the 'port unreachable'
messages.

Now I'm wondering what kind of program running on the nameserver
(which is not under my direct control) could cause these requests
to be launched?

tcpdump: listening on de0
13:53:51.256654 htobecontrld > ournameserver: icmp: htobecontrld udp port 3151 unreachable
14:04:26.928073 htobecontrld > ournameserver: icmp: htobecontrld udp port 3190 unreachable
14:07:50.840184 htobecontrld > ournameserver: icmp: htobecontrld udp port 3199 unreachable
14:11:15.185485 htobecontrld > ournameserver: icmp: htobecontrld udp port 3202 unreachable
14:21:37.183022 htobecontrld > ournameserver: icmp: htobecontrld udp port 3221 unreachable
14:21:47.414354 htobecontrld > ournameserver: icmp: htobecontrld udp port 3227 unreachable
14:33:02.343351 htobecontrld > ournameserver: icmp: htobecontrld udp port 3273 unreachable
14:34:02.851694 htobecontrld > ournameserver: icmp: htobecontrld udp port 3282 unreachable
14:36:45.415034 htobecontrld > ournameserver: icmp: htobecontrld udp port 3293 unreachable
15:13:09.697960 htobecontrld > ournameserver: icmp: htobecontrld udp port 3385 unreachable
15:13:09.697960 htobecontrld > ournameserver: icmp: htobecontrld udp port 3385 unreachable
15:20:09.660322 htobecontrld > ournameserver: icmp: htobecontrld udp port 3412 unreachable
15:31:05.104729 htobecontrld > ournameserver: icmp: htobecontrld udp port 3442 unreachable
15:36:29.514619 htobecontrld > ournameserver: icmp: htobecontrld udp port 3462 unreachable
15:41:01.920259 htobecontrld > ournameserver: icmp: htobecontrld udp port 3476 unreachable
15:41:15.251266 htobecontrld > ournameserver: icmp: htobecontrld udp port 3477 unreachable
15:45:08.414133 htobecontrld > ournameserver: icmp: htobecontrld udp port 3515 unreachable
15:45:29.257732 htobecontrld > ournameserver: icmp: htobecontrld udp port 3529 unreachable
15:49:52.837334 htobecontrld > ournameserver: icmp: htobecontrld udp port 3580 unreachable
16:18:31.819020 htobecontrld > ournameserver: icmp: htobecontrld udp port 3737 unreachable
16:32:39.182636 htobecontrld > ournameserver: icmp: htobecontrld udp port 3774 unreachable
16:32:50.888815 htobecontrld > ournameserver: icmp: htobecontrld udp port 3775 unreachable
16:41:31.150820 htobecontrld > ournameserver: icmp: htobecontrld udp port 3832 unreachable
16:58:50.989253 htobecontrld > ournameserver: icmp: htobecontrld udp port 3917 unreachable
16:58:54.683655 htobecontrld > ournameserver: icmp: htobecontrld udp port 3918 unreachable
16:59:18.852931 htobecontrld > ournameserver: icmp: htobecontrld udp port 3926 unreachable
17:04:28.053373 htobecontrld > ournameserver: icmp: htobecontrld udp port 3968 unreachable
17:05:20.889957 htobecontrld > ournameserver: icmp: htobecontrld udp port 3991 unreachable
17:05:25.538210 htobecontrld > ournameserver: icmp: htobecontrld udp port 3987 unreachable
17:05:29.836622 htobecontrld > ournameserver: icmp: htobecontrld udp port 3996 unreachable
17:17:36.700988 htobecontrld > ournameserver: icmp: htobecontrld udp port 4102 unreachable
17:17:36.740919 htobecontrld > ournameserver: icmp: htobecontrld udp port 4103 unreachable
17:31:44.809722 htobecontrld > ournameserver: icmp: htobecontrld udp port 4167 unreachable
17:32:38.966678 htobecontrld > ournameserver: icmp: htobecontrld udp port 4178 unreachable
17:39:54.678230 htobecontrld > ournameserver: icmp: htobecontrld udp port 4196 unreachable
17:59:49.360598 htobecontrld > ournameserver: icmp: htobecontrld udp port 4337 unreachable
18:10:06.141498 htobecontrld > ournameserver: icmp: htobecontrld udp port 4393 unreachable
18:10:14.018915 htobecontrld > ournameserver: icmp: htobecontrld udp port 4397 unreachable
18:22:38.244695 htobecontrld > ournameserver: icmp: htobecontrld udp port 4475 unreachable
18:28:14.111106 htobecontrld > ournameserver: icmp: htobecontrld udp port 4519 unreachable
18:36:13.179419 htobecontrld > ournameserver: icmp: htobecontrld udp port 4596 unreachable
18:37:22.693492 htobecontrld > ournameserver: icmp: htobecontrld udp port 4604 unreachable
18:54:54.669616 htobecontrld > ournameserver: icmp: htobecontrld udp port 4691 unreachable
18:54:57.236363 htobecontrld > ournameserver: icmp: htobecontrld udp port 4694 unreachable
18:55:03.128219 htobecontrld > ournameserver: icmp: htobecontrld udp port 4705 unreachable
19:00:34.078595 htobecontrld > ournameserver: icmp: htobecontrld udp port 4716 unreachable
19:05:12.453255 htobecontrld > ournameserver: imp: htobecontrld udp port 4728 unreachable
19:16:35.928587 htobecontrld > ournameserver: icmp: htobecontrld udp port 4800 unreachable
19:43:39.675290 htobecontrld > ournameserver: icmp: htobecontrld udp port 4874 unreachable
20:28:06.247516 htobecontrld > ournameserver: icmp: htobecontrld udp port 1065 unreachable
20:41:18.205457 htobecontrld > ournameserver: icmp: htobecontrld udp port 1281 unreachable
20:45:42.047075 htobecontrld > ournameserver: icmp: htobecontrld udp port 1325 unreachable
20:49:29.804008 htobecontrld > ournameserver: icmp: htobecontrld udp port 1344 unreachable
20:59:06.544939 htobecontrld > ournameserver: icmp: htobecontrld udp port cadsi-lm unreachable
21:03:36.939149 htobecontrld > ournameserver: icmp: htobecontrld udp port symplex unreachable
21:11:16.690970 htobecontrld > ournameserver: icmp: htobecontrld udp port 1583 unreachable
21:37:14.350186 htobecontrld > ournameserver: icmp: htobecontrld udp port 1716 unreachable
21:38:03.652302 htobecontrld > ournameserver: icmp: htobecontrld udp port 1741 unreachable
21:46:10.942866 htobecontrld > ournameserver: icmp: htobecontrld udp port 1817 unreachable
22:05:50.686555 htobecontrld > ournameserver: icmp: htobecontrld udp port raid-cd unreachable
22:16:33.673137 htobecontrld > ournameserver: icmp: htobecontrld udp port 2071 unreachable
22:21:43.078998 htobecontrld > ournameserver: icmp: htobecontrld udp port 2100 unreachable
22:28:55.425618 htobecontrld > ournameserver: icmp: htobecontrld udp port 2139 unreachable
22:31:33.480595 htobecontrld > ournameserver: icmp: htobecontrld udp port 2160 unreachable
23:02:55.916526 htobecontrld > ournameserver: icmp: htobecontrld udp port 2394 unreachable
23:18:58.826335 htobecontrld > ournameserver: icmp: htobecontrld udp port 2482 unreachable
23:31:48.014578 htobecontrld > ournameserver: icmp: htobecontrld udp port 2519 unreachable
23:31:52.421756 htobecontrld > ournameserver: icmp: htobecontrld udp port 2527 unreachable
23:59:28.936152 htobecontrld > ournameserver: icmp: htobecontrld udp port 2603 unreachable
23:59:31.216532 htobecontrld > ournameserver: icmp: htobecontrld udp port 2601 unreachable
00:58:26.300246 htobecontrld > ournameserver: icmp: htobecontrld udp port 2777 unreachable
04:51:24.263385 htobecontrld > ournameserver: icmp: htobecontrld udp port 3580 unreachable
06:41:34.873900 htobecontrld > ournameserver: icmp: htobecontrld udp port 3811 unreachable
06:42:22.889204 htobecontrld > ournameserver: icmp: htobecontrld udp port 3810 unreachable
07:11:18.000575 htobecontrld > ournameserver: icmp: htobecontrld udp port 3882 unreachable
07:11:23.115720 htobecontrld > ournameserver: icmp: htobecontrld udp port 3883 unreachable
07:12:46.306956 htobecontrld > ournameserver: icmp: htobecontrld udp port 3885 unreachable
08:56:33.120855 htobecontrld > ournameserver: icmp: htobecontrld udp port 4070 unreachable
09:14:47.545636 htobecontrld > openview.rz.RWTH-Aachen.DE: icmp: htobecontrld udp port snmp unreachable
09:14:47.572354 htobecontrld > openview.rz.RWTH-Aachen.DE: icmp: htobecontrld udp port snmp unreachable
09:15:52.561994 htobecontrld > ournameserver: icmp: htobecontrld udp port 4102 unreachable
09:20:32.254100 htobecontrld > ournameserver: icmp: htobecontrld udp port nuts_dem unreachable
09:20:37.859208 htobecontrld > ournameserver: icmp: htobecontrld udp port nuts_bootp unreachable
09:20:47.399799 htobecontrld > ournameserver: icmp: htobecontrld udp port 4134 unreachable

--
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
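
An added example, not part of the original message: one way to summarise a capture like the one above per requesting host, using seven lines excerpted from it. The function names and the chosen metrics (median gap between errors, share of consecutive numeric ports that rise) are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from statistics import median
# Seven lines excerpted from the capture in the message above.
SAMPLE = """\
20:49:29.804008 htobecontrld > ournameserver: icmp: htobecontrld udp port 1344 unreachable
20:59:06.544939 htobecontrld > ournameserver: icmp: htobecontrld udp port cadsi-lm unreachable
21:11:16.690970 htobecontrld > ournameserver: icmp: htobecontrld udp port 1583 unreachable
23:59:28.936152 htobecontrld > ournameserver: icmp: htobecontrld udp port 2603 unreachable
23:59:31.216532 htobecontrld > ournameserver: icmp: htobecontrld udp port 2601 unreachable
00:58:26.300246 htobecontrld > ournameserver: icmp: htobecontrld udp port 2777 unreachable
09:14:47.545636 htobecontrld > openview.rz.RWTH-Aachen.DE: icmp: htobecontrld udp port snmp unreachable
"""
LINE_RE = re.compile(r"(\d\d):(\d\d):(\d\d\.\d+) \S+ > (\S+): icmp: \S+ udp port (\S+) unreachable")

def parse(text):
    """Return [(seconds, peer, port)]; peer is the host the ICMP error is sent to."""
    events, day, prev = [], 0, None
    for m in LINE_RE.finditer(text):
        h, mi, s, peer, port = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if prev is not None and t < prev:  # capture ran past midnight
            day += 86400
        prev = t
        # tcpdump prints a service name for ports it can look up; keep those as str
        events.append((day + t, peer, int(port) if port.isdigit() else port))
    return events

def summarise(events):
    """Per peer: packet count, distinct ports, median gap, share of rising steps."""
    by_peer = defaultdict(list)
    for t, peer, port in events:
        by_peer[peer].append((t, port))
    out = {}
    for peer, rows in by_peer.items():
        times = [t for t, _ in rows]
        nums = [p for _, p in rows if isinstance(p, int)]
        gaps = [b - a for a, b in zip(times, times[1:])]
        steps = list(zip(nums, nums[1:]))
        out[peer] = {
            "packets": len(rows),
            "distinct_ports": len({p for _, p in rows}),
            "median_gap_s": median(gaps) if gaps else None,
            "rising": sum(b > a for a, b in steps) / len(steps) if steps else None,
            "named": [p for _, p in rows if isinstance(p, str)],
        }
    return out

if __name__ == "__main__":
    print(summarise(parse(SAMPLE)))
```

As a reading aid: a port sweep tends to show many distinct ports within seconds, whereas a median gap of minutes with mostly rising port numbers is the shape produced by replies arriving at source ports a client allocated in sequence and has already closed.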