Date: Sat, 08 Jul 2000 16:46:54 -0700 From: "David W. DeTinne" <dave@allunix.com> To: freebsd-isp@freebsd.org Subject: port 113(hack attack?) Message-ID: <200007081646540580.0158100A@web4.allunix.com>
next in thread | raw e-mail | index | archive | help
--=====_96310001441=_ Content-Type: text/plain; charset="us-ascii" I have log_in_vain set in my rc.conf file. Ever since doing this I have witnessed all sorts of connection attempts to port 113, here are some examples; Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2132 Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2133 Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61744 Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61746 Connection attempt to TCP 24.11.229.88:113 from 131.220.43.1:3056 Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2211 Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2228 Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2229 Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2234 Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2250 Connection attempt to TCP 24.11.229.88:113 from 209.161.0.33:2966 Connection attempt to TCP 24.11.229.88:113 from 203.178.141.212:4723 The /etc/services file states that port 113 is used for a Authentication Service? My question is, what is happening here, is someone trying to access my system or is this normal? Thank You, David DeTinne --=====_96310001441=_ Content-Type: text/html; charset="us-ascii" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content="text/html; charset=iso-8859-1" http-equiv=Content-Type> <META content="MSHTML 5.00.2614.3500" name=GENERATOR></HEAD> <BODY bgColor=#ffffff style="FONT-FAMILY: Georgia" text=#000000> <DIV>I have log_in_vain set in my rc.conf file. Ever since doing this I have witnessed</DIV> <DIV>all sorts of connection attempts to port 113, here are some examples;</DIV> <DIV><FONT size=2> <P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2132</P> <P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2133</P> <P>Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61744</P> <P>Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61746</P> <P>Connection attempt to TCP 24.11.229.88:113 from 131.220.43.1:3056</P> <P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2211</P> <P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2228</P> <P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2229</P> <P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2234</P> <P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2250</P> <P>Connection attempt to TCP 24.11.229.88:113 from 209.161.0.33:2966</P> <P>Connection attempt to TCP 24.11.229.88:113 from 203.178.141.212:4723</P> <P>The /etc/services file states that port 113 is used for a Authentication Service?</P> <P>My question is, what is happening here, is someone trying to access my system or is this normal? </P> <P>Thank You,</P> <P>David DeTinne</P> <P> </P> <P> </P></FONT></DIV></BODY></HTML> --=====_96310001441=_-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007081646540580.0158100A>