From owner-freebsd-security  Tue Jul 25  0:42:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obelix.rby.hk-r.se (obelix.rby.hk-r.se [194.47.134.4])
	by hub.freebsd.org (Postfix) with ESMTP id 76FC537B9BC
	for <security@freebsd.org>; Tue, 25 Jul 2000 00:42:14 -0700 (PDT)
	(envelope-from t98pth@obelix.rby.hk-r.se)
Received: from orc.rby.hk-r.se (orc [194.47.134.179])
	by obelix.rby.hk-r.se (8.10.2/8.10.2) with ESMTP id e6P7fib05871;
	Tue, 25 Jul 2000 09:41:55 +0200 (MEST)
Received: from localhost (t98pth@localhost)
	by orc.rby.hk-r.se (8.10.2/8.10.2) with ESMTP id e6P7fZ014344;
	Tue, 25 Jul 2000 09:41:35 +0200 (MET DST)
Date: Tue, 25 Jul 2000 09:41:34 +0200 (MET DST)
From: =?ISO-8859-1?Q?P=E4r_Thoren?= <t98pth@student.hk-r.se>
To: Stephen Hocking <shocking@houston.rr.com>
Cc: security@freebsd.org, sage-au@sage-au.org.au
Subject: Re: Script kiddies and their port scans
In-Reply-To: <200007242314.SAA01912@bloop.craftncomp.com>
Message-ID: <Pine.GSO.4.21.0007250924480.14065-100000@orc.rby.hk-r.se>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Mon, 24 Jul 2000, Stephen Hocking wrote:

> Checking the firewall logs I see various attempts to connect to rather un=
usual=20
> ports on my box - does anyone now what the following are?
>=20
>=20
> 27374
>=20
> 1243
>=20
> 98 - This comes up as TACNEWS in /etc/services


I have at least 4-5 of these scans for port 98 a week.

At least now I know it=B4s linuxconf they are sniffing for.

/ P=E4r



>=20
> 143 imap2
>=20
> Are the two unknown ones some BackOrifice port or part of the common back=
doors=20
> left behind by these twerps?
>=20
>=20
> =09Stephen
> --=20
>   The views expressed above are not those of PGS Tensor.
>=20
>     "We've heard that a million monkeys at a million keyboards could prod=
uce
>      the Complete Works of Shakespeare; now, thanks to the Internet, we k=
now
>      this is not true."            Robert Wilensky, University of Califor=
nia
>=20
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>=20



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message