Date: Sun, 29 Aug 1999 00:32:01 -0700
From: dmp@aracnet.com
To: freebsd-questions@freebsd.org
Subject: 10net-source connects to ports 1492 and 1436?
Message-ID: <37C8E1F1.EE9BB929@aracnet.com>

I wasn't sure if this was worthy of freebsd-security, let me know if it is.

Going over the day's logs, I found the following entries from my gateway in /var/log/messages:

Aug 28 09:54:34 gw /kernel: ipfw: 700 Deny TCP 10.1.65.16:80 x.x.x.x:1436 in via ep0
Aug 28 09:55:19 gw last message repeated 5 times
Aug 28 09:56:07 gw /kernel: ipfw: 700 Deny TCP 10.1.65.16:80 x.x.x.x:1436 in via ep0
Aug 28 10:00:55 gw last message repeated 2 times
Aug 28 10:05:13 gw /kernel: ipfw: 700 Deny TCP 10.1.65.17:80 x.x.x.x:1492 in via ep0
Aug 28 10:05:34 gw last message repeated 4 times
Aug 28 10:06:46 gw last message repeated 2 times
Aug 28 10:11:34 gw last message repeated 2 times

ep0 is the interface to the internet

I've got an okay understanding that the "attacker" was supposedly posing as a web server and preventing a trace with an unroutable IP. But I don't get the significance of TCP 1436 and 1492.