Date:      Mon, 15 Feb 1999 15:31:08 +0300
From:      ark@eltex.ru
To:        andrew@squiz.co.nz
Cc:        security@FreeBSD.ORG
Subject:   Re: packet from port 65535 to IMAP?
Message-ID:  <199902151231.PAA16484@paranoid.eltex.spb.ru>
In-Reply-To: <199902121652.FAA14099@aniwa.sky> from "Andrew McNaughton <andrew@squiz.co.nz>"


nuqneH,

Got my whole network scanned this way too.

xxxx frequent check output for period since Feb 14 16:10 to Feb 14 17:10

Security Alerts summary
=-=-=-=-=-=-=-=-=-=-=-=
Feb 14 16:30:11 xxxx /kernel: securityalert: conn attempt to TCP x.y.z.me:143 from 209.218.208.120:65535

(warlords.net and similar one from asa.ca)

What was more interesting is the SYN|FIN scan I got some days ago - I've never
seen anything like that:

Security Warnings summary
=-=-=-=-=-=-=-=-=-=-=-=-=
Feb 10 10:35:54 xxxx /kernel: securitywarning: orphan TCP packet on x.y.z.me:143 from 202.40.17.1:65535 flags 0x3<FIN,SYN>

Has any new IMAP vulnerability been discovered?

Andrew McNaughton <andrew@squiz.co.nz> said:

> From port 65535.  Anyone know what it's about?
>
> Feb 12 12:03:37 dawn /kernel: ipfw: 50010 Accept TCP them.them.them.them:65535 me.me.me.me:143 in via de0

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

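The two traits reported in this message (SYN and FIN set in the same packet, and the fixed source port 65535) can be checked mechanically against the quoted kernel log lines. The following is an added example, not part of the original post; the function names and the third sample line are constructed for illustration.

```python
import re

# TCP flag bits as laid out in the TCP header (RFC 793).
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

# Covers the two kernel message shapes quoted in this message.
LINE_RE = re.compile(
    r"security(?:alert|warning): (?:conn attempt to TCP|orphan TCP packet on) "
    r"(?P<dst>[^\s:]+):(?P<dport>\d+) from (?P<src>[^\s:]+):(?P<sport>\d+)"
    r"(?: flags (?P<flags>0x[0-9a-fA-F]+))?"
)

SAMPLE_LINES = [
    # The two lines quoted in the message above.
    "Feb 14 16:30:11 xxxx /kernel: securityalert: conn attempt to TCP x.y.z.me:143 from 209.218.208.120:65535",
    "Feb 10 10:35:54 xxxx /kernel: securitywarning: orphan TCP packet on x.y.z.me:143 from 202.40.17.1:65535 flags 0x3<FIN,SYN>",
    # Constructed line: ordinary client with an ordinary ephemeral port.
    "Feb 14 16:41:02 xxxx /kernel: securityalert: conn attempt to TCP x.y.z.me:143 from 192.0.2.10:40001",
]

def decode_flags(value):
    """Return the names of the flag bits set in a TCP flags byte."""
    return [name for bit, name in sorted(TCP_FLAGS.items()) if value & bit]

def classify(line):
    """Parse one log line; return None if it is not a recognised alert."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    flags = int(m["flags"], 16) if m["flags"] else 0
    reasons = []
    # No valid TCP segment opens (SYN) and closes (FIN) a connection at once.
    if flags & 0x02 and flags & 0x01:
        reasons.append("SYN+FIN set together")
    # Every probe reported in this thread used the same source port.
    if int(m["sport"]) == 65535:
        reasons.append("source port 65535")
    return {"src": m["src"], "dport": int(m["dport"]),
            "flags": decode_flags(flags), "reasons": reasons}

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(classify(line))
```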
