Security Incidents mailing list archives
Re: Keep connecting to remote host on port 7869
From: Luis Bruno <lbruno () zbit pt>
Date: Sat, 26 Oct 2002 09:30:47 +0000
Frank Cheong wrote:
My redhat linux mail host keeps connecting to other remote host quite frequently on remote port 7869. [snip] Below is the firewall log (IP address being modified) : 10/23/2002 11:13:36.640 - TCP connection dropped - Source:123.123.123.123, 51321, LAN - Destination:234.234.234.234, 7869, WAN - Type: 786 - Rule 66
If your frewall drops the connection thru a TCP RST, change it so that it silently drops the packets. This will make the linux box hang waiting for a timeout. Then execute: netstat -tanp | grep <port> on the linux box, where <port> is the source port you see in the Source: line on your firewall logs. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Keep connecting to remote host on port 7869 Frank Cheong (Oct 25)
- Re: Keep connecting to remote host on port 7869 Anthony LaMantia (Oct 26)
- Re: Keep connecting to remote host on port 7869 Luis Bruno (Oct 26)
- <Possible follow-ups>
- Re: Keep connecting to remote host on port 7869 Frank Cheong (Oct 27)