From owner-freebsd-security  Sun Sep 23  9:25:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from tomts9-srv.bellnexxia.net (tomts9.bellnexxia.net [209.226.175.53])
	by hub.freebsd.org (Postfix) with ESMTP id B12AC37B40B
	for <security@freebsd.org>; Sun, 23 Sep 2001 09:25:25 -0700 (PDT)
Received: from unios.dhs.org ([209.226.99.101])
          by tomts9-srv.bellnexxia.net
          (InterMail vM.4.01.03.16 201-229-121-116-20010115) with ESMTP
          id <20010923162519.OBGZ1679.tomts9-srv.bellnexxia.net@unios.dhs.org>
          for <security@freebsd.org>; Sun, 23 Sep 2001 12:25:19 -0400
Message-ID: <3BAE0D83.41ACBF7B@unios.dhs.org>
Date: Sun, 23 Sep 2001 12:27:47 -0400
From: Pat Wendorf <beholder@unios.dhs.org>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: security@freebsd.org
Subject: Identify this exploit
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I notice I get nearly 100 messages a day from my LOG_IN_VAIN rc.conf
option.  Many of which, for the past few months has been connection
attempts to TCP port 2000, as seen here:

> Connection attempt to TCP 209.226.99.101:2000 from 216.104.103.95:1169

I'm not much up on my exploits, which one is this?

-- 

Pat Wendorf

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message