From owner-freebsd-isp  Sat Jul  8 16:44:47 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from web4.allunix.com (cc598076-a.chmchl1.ca.home.com [24.11.229.88])
	by hub.freebsd.org (Postfix) with ESMTP id 3D04E37B80E
	for <freebsd-isp@freebsd.org>; Sat,  8 Jul 2000 16:44:43 -0700 (PDT)
	(envelope-from dave@allunix.com)
Received: from dell (dhcp1.allunix.com [192.168.0.3])
	by web4.allunix.com (8.9.3/8.9.3) with ESMTP id QAA18954
	for <freebsd-isp@freebsd.org>; Sat, 8 Jul 2000 16:53:29 GMT
	(envelope-from dave@allunix.com)
Message-ID: <200007081646540580.0158100A@web4.allunix.com>
X-Mailer: Calypso Version 3.10.03.02 (3)
Date: Sat, 08 Jul 2000 16:46:54 -0700
Reply-To: dave@allunix.com
From: "David W. DeTinne" <dave@allunix.com>
To: freebsd-isp@freebsd.org
Subject: port 113(hack attack?)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=====_96310001441=_"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--=====_96310001441=_
Content-Type: text/plain; charset="us-ascii"

I have log_in_vain set in my rc.conf file. Ever since doing this
I have witnessed
all sorts of connection attempts to port 113, here are some
examples;
Connection attempt to TCP 24.11.229.88:113 from
216.190.128.200:2132
Connection attempt to TCP 24.11.229.88:113 from
216.190.128.200:2133
Connection attempt to TCP 24.11.229.88:113 from
130.236.254.50:61744
Connection attempt to TCP 24.11.229.88:113 from
130.236.254.50:61746
Connection attempt to TCP 24.11.229.88:113 from
131.220.43.1:3056
Connection attempt to TCP 24.11.229.88:113 from
216.190.128.200:2211
Connection attempt to TCP 24.11.229.88:113 from
216.190.128.200:2228
Connection attempt to TCP 24.11.229.88:113 from
216.190.128.200:2229
Connection attempt to TCP 24.11.229.88:113 from
216.190.128.200:2234
Connection attempt to TCP 24.11.229.88:113 from
216.190.128.200:2250
Connection attempt to TCP 24.11.229.88:113 from
209.161.0.33:2966
Connection attempt to TCP 24.11.229.88:113 from
203.178.141.212:4723
The /etc/services file states that port 113 is used for a
Authentication Service?
My question is, what is happening here, is someone trying to
access my system or is this normal? 
Thank You,
David DeTinne


--=====_96310001441=_
Content-Type: text/html; charset="us-ascii"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff style="FONT-FAMILY: Georgia" text=#000000>
<DIV>I have log_in_vain set in my rc.conf file. Ever since doing this I have 
witnessed</DIV>
<DIV>all sorts of connection attempts to port 113, here are some examples;</DIV>
<DIV><FONT size=2>
<P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2132</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2133</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61744</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61746</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 131.220.43.1:3056</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2211</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2228</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2229</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2234</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2250</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 209.161.0.33:2966</P>
<P>Connection attempt to TCP 24.11.229.88:113 from 203.178.141.212:4723</P>
<P>The /etc/services file states that port 113 is used for a Authentication 
Service?</P>
<P>My question is, what is happening here, is someone trying to access my system 
or is this normal? </P>
<P>Thank You,</P>
<P>David DeTinne</P>
<P>&nbsp;</P>
<P>&nbsp;</P></FONT></DIV></BODY></HTML>


--=====_96310001441=_--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message