Security Incidents mailing list archives
Re: Port 65535
From: bejtlich () TEXAS NET (Richard Bejtlich)
Date: Sat, 4 Mar 2000 17:36:44 -0000
Hi Mike, Is the activity confined to only the indicated source and dest IPs? Do you have any way to see what flags are set on these packets? Richard ----- Feb 29 07:12:25 firepower kernel: Packet log: private1 DENY eth0 PROTO=6 192.115.221.125:65535 207.245.232.127:65535 L=28 S=0x00 I=15817 F=0x00B8 T=47 (#7) Feb 29 07:14:25 firepower kernel: Packet log: private1 DENY eth0 PROTO=6 192.115.221.125:65535 207.245.232.127:65535 L=28 S=0x00 I=16104 F=0x00B8 T=47 (#7) When it's happening, it sends out a packet to our machine exactly every two minutes. Anybody have any idea on this one? Mike
Current thread:
- CNET Hackers hit e-commerce site, (continued)
- CNET Hackers hit e-commerce site Vincent Lee (Mar 02)
- UDP Probes (?) from port 28432 to 28431 ? Xander Jansen (Mar 04)
- Re: UDP Probes (?) from port 28432 to 28431 ? Alexander Schreiber (Mar 07)
- UDP Probes (?) from port 28432 to 28431 ? Klaus Moeller (Mar 07)
- Re: UDP Probes (?) from port 28432 to 28431 ? Xander Jansen (Mar 09)
- Re: CNET Hackers hit e-commerce site Chris Davis (Mar 04)
- Port 65535 Murray, Mike (Mar 02)
- @home: Is *anyone* really home there??? (fwd) Light Of Day (Mar 04)
- Re: Port 65535 Pavel Kankovsky (Mar 04)
- Re: Port 65535 Murray, Mike (Mar 04)
- Re: Port 65535 Richard Bejtlich (Mar 04)
- Re: Port 65535 Keith Pachulski (Mar 06)
- Re: auto-reporting to ISPs wozz () LUVEWE BONCH ORG (Mar 02)
- Re: auto-reporting to ISPs Stuart Staniford-Chen (Mar 06)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)