From owner-freebsd-security  Fri Jan 22 10:54:57 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA22675
          for freebsd-security-outgoing; Fri, 22 Jan 1999 10:54:57 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from wrath.cs.utah.edu (wrath.cs.utah.edu [155.99.198.100])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA22659
          for <freebsd-security@FreeBSD.ORG>; Fri, 22 Jan 1999 10:54:52 -0800 (PST)
          (envelope-from danderse@cs.utah.edu)
Received: from torrey.cs.utah.edu (torrey.cs.utah.edu [155.99.212.91])
	by wrath.cs.utah.edu (8.8.8/8.8.8) with ESMTP id LAA18978;
	Fri, 22 Jan 1999 11:54:40 -0700 (MST)
Received: (from danderse@localhost)
	by torrey.cs.utah.edu (8.9.1/8.9.1) id LAA58328;
	Fri, 22 Jan 1999 11:54:39 -0700 (MST)
	(envelope-from danderse@cs.utah.edu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Fri, 22 Jan 1999 11:54:39 -0700 (MST)
From: "David G. Andersen" <danderse@cs.utah.edu>
To: "Oles' Hnatkevych" <gnut@uct.kiev.ua>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: rshd in messages
In-Reply-To: Oles' Hnatkevych's message of Fri, January 22 1999 <36A86BB1.FE6D238A@uct.kiev.ua>
References: <36A86BB1.FE6D238A@uct.kiev.ua>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs  Lucid
Message-ID: <13992.51540.10896.239954@torrey.cs.utah.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


It's typically a sign that someone is port scanning your machine.
(for further information, do a web search on "nmap" or "strobe").

   -Dave

Lo and Behold, Oles' Hnatkevych said:
> Hello!
> 
> 
>   In /var/log/messages I got:
> 
> Jan 22 11:48:43 gw rshd[22105]: connection from 199.174.248.162 on
> illegal port 1093
> Jan 22 11:56:19 gw rshd[23778]: connection from 199.174.248.162 on
> illegal port 1204
> 
>   What it can be? Someone misspelled IP address?
> 
> -- 
> Best wishes,
> 
>     Oles Hnatkevych, http://gnut.kiev.ua
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- 
work: danderse@cs.utah.edu                     me:  angio@pobox.com
      University of Utah                            http://www.angio.net/
      Computer Science - Flux Research Group

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message