Security Incidents mailing list archives
Port 65535, again
From: hektor () RZ RWTH-AACHEN DE (Jens Hektor)
Date: Thu, 6 Apr 2000 08:03:03 -0000
Hi, we had this thread already in February but the answers to this problem were a bit vague. So another chance to clearify this: more than one month later, same (and an other one) source machine(s), same signature. Apr 3 10:01:09 X.Y kernel: Packet log: input REJECT eth1 PROTO=6 209.1.224.16:65535 134.130.X.Y:65535 L=52 S=0x00 I=5405 F=0x0093 T=237 (#106) Apr 5 15:43:24 X.Y kernel: Packet log: input REJECT eth1 PROTO=6 192.115.221.125:65535 134.130.X.Y:65535 L=28 S=0x00 I=18772 F=0x00B8 T=50 (#106) In contrast to the older case, these packets do not come very regular every 2 minutes, though sometimes there is an exactly 2-minute time-distance. The destination was exactly one machine (X.Y). Bye, Jens
Feb 29 07:12:25 firepower kernel: Packet log: private1 DENY eth0 PROTO=6 192.115.221.125:65535 207.245.232.127:65535 L=28 S=0x00 I=15817 F=0x00B8 T=47 (#7)
Current thread:
- Port 65535, again Jens Hektor (Apr 06)
- Re: Port 65535, again vventura () SIA PT (Apr 11)