From owner-freebsd-security Sun Oct 10 13:38: 1 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91])
	by hub.freebsd.org (Postfix) with ESMTP id A054214CEA
	for ; Sun, 10 Oct 1999 13:37:53 -0700 (PDT)
	(envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.9.3/8.9.3) with SMTP id OAA06537;
	Sun, 10 Oct 1999 14:37:52 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id OAA11369; Sun, 10 Oct 1999 14:37:51 -0600
Date: Sun, 10 Oct 1999 14:37:51 -0600
Message-Id: <199910102037.OAA11369@mt.sri.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: "N. N.M"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Port 31789 scanning and ...
In-Reply-To: <19991010073125.93991.qmail@hotmail.com>
References: <19991010073125.93991.qmail@hotmail.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@mt.sri.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> 1) I have IPFW and by studying its daily logs I found out that somebody
> scans the port 31789 of all the servers and even clients in my network. What
> can be potentially found on this port?

If it's a UDP packet, it's probably someone running traceroute.

> 2) There was another log entry in the log files which makes no sense for me.
> That is as the follow:
>
> Oct 9 23:21:43 firewall /kernel: ipfw: 147 Deny TCP Y.Y.Y.Y X.X.X.X in via
> ed1 Fragment = 147

This happens with buggy stacks, and is common. I see it often from my
Win95 boxes....

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message