Date: Tue, 9 Apr 1996 09:36:39 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-current@FreeBSD.org (FreeBSD-current users) Subject: Re: routed delete my PPP default: how to fight it? Message-ID: <199604090736.JAA08067@uriah.heep.sax.de> In-Reply-To: <199604090621.XAA03064@silvia.HIP.Berkeley.EDU> from "Satoshi Asami" at Apr 8, 96 11:21:10 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As Satoshi Asami wrote: > Here's all the stuff that's in the kernel's message buffer. It > doesn't overflow anything, it happens only intermittently (this many > in ~2 days). By the way, 3128 is the port for the HTTP proxy running > on another machine (128.32.38.224), it could have something to do with > me running netscape during these times. > Connection attempt to TCP 136.152.64.181:113 from 136.152.64.181:60781 > Connection attempt to TCP 136.152.64.181:113 from 136.152.64.181:3818 That's ``auth''. I've always wondered at my machine at work (where i tcpdump all traffic that's going through the Internet router) who is connecting to this port. It's also somehow related to sendmail. Does anybody know more about ``auth''? > Connection attempt to UDP 136.152.64.181:1624 from 136.152.64.181:53 > Connection attempt to UDP 136.152.64.181:1625 from 136.152.64.181:53 > Connection attempt to UDP 136.152.64.181:1626 from 136.152.64.181:53 > Connection attempt to UDP 136.152.64.181:1645 from 136.152.64.181:53 > Connection attempt to UDP 136.152.64.181:1647 from 136.152.64.181:53 Looks like a reply for a DNS query, where the querying process has been terminated before the answer arrived. Traceroute attempts should cause a similar pattern, but with higher portnumbers. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604090736.JAA08067>