From owner-freebsd-isp Sat Jul 8 17:58:27 2000 Delivered-To: freebsd-isp@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id B1B8B37BA97 for ; Sat, 8 Jul 2000 17:58:23 -0700 (PDT) (envelope-from matt@ARPA.MAIL.NET) Received: (qmail 52440 invoked by uid 1000); 9 Jul 2000 00:58:17 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 9 Jul 2000 00:58:17 -0000 Date: Sat, 8 Jul 2000 20:58:16 -0400 (EDT) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: "David W. DeTinne" Cc: freebsd-isp@freebsd.org Subject: Re: port 113(hack attack?) In-Reply-To: <200007081646540580.0158100A@web4.allunix.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Read this URL: http://www.robertgraham.com/pubs/firewall-seen.html That's just a simple identd request, not harmful. Matt On Sat, 8 Jul 2000, David W. DeTinne wrote: : : I have log_in_vain set in my rc.conf file. Ever since doing this : I have witnessed : all sorts of connection attempts to port 113, here are some : examples; : Connection attempt to TCP 24.11.229.88:113 from : 216.190.128.200:2132 : Connection attempt to TCP 24.11.229.88:113 from : 216.190.128.200:2133 : Connection attempt to TCP 24.11.229.88:113 from : 130.236.254.50:61744 : Connection attempt to TCP 24.11.229.88:113 from : 130.236.254.50:61746 : Connection attempt to TCP 24.11.229.88:113 from : 131.220.43.1:3056 : Connection attempt to TCP 24.11.229.88:113 from : 216.190.128.200:2211 : Connection attempt to TCP 24.11.229.88:113 from : 216.190.128.200:2228 : Connection attempt to TCP 24.11.229.88:113 from : 216.190.128.200:2229 : Connection attempt to TCP 24.11.229.88:113 from : 216.190.128.200:2234 : Connection attempt to TCP 24.11.229.88:113 from : 216.190.128.200:2250 : Connection attempt to TCP 24.11.229.88:113 from : 209.161.0.33:2966 : Connection attempt to TCP 24.11.229.88:113 from : 203.178.141.212:4723 : The /etc/services file states that port 113 is used for a : Authentication Service? : My question is, what is happening here, is someone trying to : access my system or is this normal? : Thank You, : David DeTinne : : * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5Z84pdMMtMcA1U5ARArOzAJ4xuJ2sY/p+DOI3FX7j0i0skxPzfACfcI1l QcZU/YnbHpvFPOS5k0/2pqs= =0R5u -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message