Message-ID: <36A773CB.166983C@enteract.com>
Date: Thu, 21 Jan 1999 12:36:59 -0600
From: Anthony Kim
To: andrew@squiz.co.nz
CC: "security@FreeBSD.ORG"
Subject: Re: TCP port question IPFW

I've tried the well known services. Nothing doing. Why people bother --
I've no important data -- that's what I'd like to know.

Andrew McNaughton wrote:
>
> > I'm sort of annoyed...there is some IP who is constantly filling up my
> > ipfw logs with TCP port 1719 attempts daily. The hours are late in the
>
> If you're annoyed by the log entries, but not concerned by them, then
> don't log entries from their IP to that port. Among other things, this
> sort of practice makes it more likely you'll see important log info.
> Logging too much is a bad thing. OTOH, it can clutter your firewall
> ruleset.
>
> > evening until around 2am, then it begins again shortly after 6pm (he or
> > she must have come home from work and felt like bugging me). More
> > recently I see requests for TCP port 1106 in my logs as well from them.
> > A quick search on the web showed 1719 was h323gatestat. Can someone tell
> > me what that is? I didn't find anything on TCP port 1106 either. Any
> > info is greatly appreciated. Also, any way I can track this person down?
> > traceroute works but no hostname returns.
>
> You might be able to identify their service provider from other entries in
> the traceroute. Also, doing a reverse lookup on other IPs in the same
> class C network often clarifies who owns the network.
>
> It's often possible to connect to services like telnet, smtp, ftp and get
> a machine name. This basically amounts to a localised port scan. It's
> easily justified, but I wonder if people ever get into trouble with their
> ISPs as a result of it.
>
> Andrew
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
SYSADMIN(1)
sysadmin takes care of everything, is generally harangued, must be
supplied with coffee, chocolate, and alcohol in order to function
properly, cannot be exposed to direct sunlight, and must not be
allowed to have a life.