From: ark@eltex.ru
Date: Mon, 15 Feb 1999 15:31:08 +0300
Message-Id: <199902151231.PAA16484@paranoid.eltex.spb.ru>
In-Reply-To: <199902121652.FAA14099@aniwa.sky> from "Andrew McNaughton "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: packet from port 65535 to IMAP?
To: andrew@squiz.co.nz
Cc: security@FreeBSD.ORG

nuqneH,

Got my whole network scanned this way too.

xxxx frequent check output for period since Feb 14 16:10 to Feb 14 17:10

Security Alerts summary
=-=-=-=-=-=-=-=-=-=-=-=
Feb 14 16:30:11 xxxx /kernel: securityalert: conn attempt to TCP x.y.z.me:143 from 209.218.208.120:65535

(warlords.net and similar one from asa.ca)

What was more interesting is a SYN|FIN scan I got some days ago - I've never seen something like that:

Security Warnings summary
=-=-=-=-=-=-=-=-=-=-=-=-=
Feb 10 10:35:54 xxxx /kernel: securitywarning: orphan TCP packet on x.y.z.me:143 from 202.40.17.1:65535 flags 0x3

Has any new IMAP vulnerability been discovered?

Andrew McNaughton said :
> From port 65535. Anyone know what it's about?
>
> Feb 12 12:03:37 dawn /kernel: ipfw: 50010 Accept TCP them.them.them.them:65535 me.me.me.me:143 in via de0

CU in Hell
/Arkan#iD
Do I believe in Bible? Hell, man, I've seen one!
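The two traits reported in this message (a fixed source port of 65535, and flags 0x3, i.e. SYN and FIN set in the same segment) can be picked out of such kernel logs mechanically. The following is an added example, not part of the original message or of FreeBSD; the regular expressions assume the three log-line shapes quoted above, and the last sample line is constructed.

```python
import re

# Bits of the TCP flags byte, lowest bit first.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
EP = r"(\S+):(\d+)"  # host:port; hosts may be redacted names, so accept any token
# These two formats log the destination first, then the source.
DST_FIRST = [
    re.compile(r"conn attempt to TCP " + EP + " from " + EP),
    re.compile(r"orphan TCP packet on " + EP + " from " + EP + r" flags (0x[0-9a-fA-F]+)"),
]
# ipfw logs "<rule> <action> TCP <src> <dst>": source first.
IPFW = re.compile(r"ipfw: \d+ \w+ TCP " + EP + " " + EP)

def decode_flags(value):
    """Names of the flag bits set in a TCP flags byte."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def parse(line):
    """Return src/dst ports and flags (or None) for a recognised line, else None."""
    for pat in DST_FIRST:
        m = pat.search(line)
        if m:
            flags = int(m.group(5), 16) if pat.groups == 5 else None
            return {"src_port": int(m.group(4)), "dst_port": int(m.group(2)), "flags": flags}
    m = IPFW.search(line)
    if m:
        return {"src_port": int(m.group(2)), "dst_port": int(m.group(4)), "flags": None}
    return None

def findings(line):
    """List the traits from the thread that this log line exhibits."""
    rec = parse(line)
    if rec is None:
        return []
    out = []
    if rec["src_port"] == 65535:
        out.append("source port 65535")
    if rec["flags"] is not None and {"SYN", "FIN"} <= set(decode_flags(rec["flags"])):
        out.append("SYN|FIN set together")
    return out

SAMPLE = [
    "Feb 14 16:30:11 xxxx /kernel: securityalert: conn attempt to TCP x.y.z.me:143 from 209.218.208.120:65535",
    "Feb 10 10:35:54 xxxx /kernel: securitywarning: orphan TCP packet on x.y.z.me:143 from 202.40.17.1:65535 flags 0x3",
    "Feb 12 12:03:37 dawn /kernel: ipfw: 50010 Accept TCP them.them.them.them:65535 me.me.me.me:143 in via de0",
    # Constructed line: ordinary ephemeral source port, documentation addresses.
    "Feb 14 16:31:02 xxxx /kernel: securityalert: conn attempt to TCP 192.0.2.10:143 from 198.51.100.7:1034",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(findings(entry), "<-", entry)
```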