Date: Mon, 5 Aug 2002 01:46:18 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: freebsd-security@FreeBSD.org
Subject: port 6112 ?
Message-ID: <Pine.BSF.3.96.1020805010404.7929A-100000@gaia.nimnet.asn.au>

I'd been seeing lots of widely sourced, irregular scans over our public subnet for TCP port 6112 ('dtspcd'?), along with some other ports that are also being scanned semi-regularly, including 1524 (ingreslock, more likely pcserver trojan) and TCP 17300 (?) along with bucketloads of TCP 1433 (ms-sql-s) .. as does everyone else, I guess.

I recently added ipfw rules to separate these out from the general (denied) cruft, so as not to blow out the log limiting and thus obscuring the more interesting stuff.

Today I notice a dialup user getting and sending UDP packets on 6112, with various IPs; looks to be a fairly steady stream of in- and outbound traffic at about 800cps each way over, say, half-hour sessions.

Game, trojan, or yet another messenger type thing? I've already checked http://www.robertgraham.com/pubs/firewall-seen.html

Cheers, Ian

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1020805010404.7929A-100000>