From: Christopher Schulte
To: "Drew Tomlinson"
Date: Sun, 25 Nov 2001 14:58:18 -0600
Subject: Re: Port 1214 - Is It Used For A Specific Purpose?
Sender: owner-freebsd-security@FreeBSD.ORG

http://www.incidents.org/archives/intrusions/msg01930.html came up when I did a little searching.

At 07:08 AM 11/25/2001 -0800, Drew Tomlinson wrote:
>I was looking over my firewall logs this morning and noticed that there
>are many attempts to connect to TCP port 1214 from different addresses.
>I've searched the web but found no specific mention of any standard
>purpose for this port. I suppose this is some sort of scan but was just
>wondering if anyone knows exactly what this is?
>
>I included a snip of my log from two complete attempts. It's probably
>more than is needed but I thought maybe someone might see a pattern that
>I'm missing.
>
>Thanks,
>
>Drew

--
Christopher Schulte
christopher@schulte.org
http://noc.schulte.org/