From owner-freebsd-questions Thu Jun 1 18:47:16 2000 Delivered-To: freebsd-questions@freebsd.org Received: from server.computeralt.com (server.computeralt.com [207.41.29.10]) by hub.freebsd.org (Postfix) with ESMTP id B5DA737B5E2 for ; Thu, 1 Jun 2000 18:47:12 -0700 (PDT) (envelope-from scott@computeralt.com) Received: from scott.computeralt.com (scott.computeralt.com [207.41.29.100]) by server.computeralt.com (8.9.3/8.9.1) with ESMTP id VAA28400 for ; Thu, 1 Jun 2000 21:47:11 -0400 (EDT) Message-Id: <4.3.1.2.20000601214655.0248db80@mail.computeralt.com> X-Sender: scott@mail.computeralt.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 Date: Thu, 01 Jun 2000 21:47:10 -0400 To: freebsd-questions@freebsd.org From: "Scott I. Remick" Subject: Ports 1077 and 50419? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I just watched a crapload of traffic occur between a dialup user and our FreeBSD box. Traffic was TCP between the dialup's port 1077 and the FreeBSD box's port 50419. Most of the traffic was from the FreeBSD box to the client and it pretty much flooded the connection. Eventually it stopped. I did some looking around and couldn't find anything that would use those ports. The closest was the fake "bosniffer" which is really BO in disguise, but from reading the way it works, this wasn't it . I was about to blindly block those ports for lack of any other solution, but then the traffic stopped. So I'll check with you guys first. Any thoughts? ----------------------- Scott I. Remick scott@computeralt.com Network and Information (802)388-7545 ext. 236 Systems Manager FAX:(802)388-3697 Computer Alternatives, Inc. http://www.computeralt.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message