Message-ID: <3B042085.39247322@pyramus.com>
Date: Thu, 17 May 2001 12:03:33 -0700
From: Bill Mitcheson
To: freebsd-security@FreeBSD.ORG
Subject: New info on our Port 1023 problem.

I ran sockstat and came up with the following:

    root ypserv 117 5 tcp *.1023 *.*

Ypserv was also running on a couple of other ports as UDP instead of TCP.
Is this bad?

Rob Simmons wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Were you running any services on that port? The command "sockstat" should
> tell you if there is anything listening on that port. If there is nothing
> listening on the port, you don't have to worry about them poking at that
> port.
>
> Robert Simmons
> Systems Administrator
> http://www.wlcg.com/
>
> On Thu, 17 May 2001, Bill Mitcheson wrote:
>
> > We noticed unauthorized activity yesterday. After investigating we found
> > that there was someone coming in from Asia and they were trying to
> > access port 1023. I could not find much info on that port and was
> > wondering if anyone knows of that port, what common attacks to that port
> > are, and how to stop future attacks?
> >
> > Bill Mitcheson.
> > Network Administrator,
> > Pyramus Online.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.5 (FreeBSD)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE7BBXQv8Bofna59hYRAwgNAJ0WjqRSOsNgHibg59s7JJjPOovwAACeNExx
> xntXYcmqMvzu6ER22/biI5I=
> =WrEW
> -----END PGP SIGNATURE-----
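
Added example (not part of the original thread): an sh/awk filter for the check Rob describes, reporting which process holds an unconnected (listening) socket on a given port in sockstat output, and which other ports the same command holds. The function names are hypothetical, and every sample line except the ypserv TCP line quoted in the thread is constructed.

```shell
#!/bin/sh
# Input: sockstat-style lines on stdin, with the columns
#   USER COMMAND PID FD PROTO LOCAL FOREIGN
# Accepts both the "*.1023" address form shown in the thread and "*:1023".

# listeners_on_port PORT
# Prints "command pid proto local" for each socket bound to PORT whose
# foreign address is a wildcard, i.e. a listener rather than a connection.
listeners_on_port() {
    awk -v port="$1" '
        NF >= 7 && $1 != "USER" {
            laddr = $6; faddr = $7
            n = split(laddr, parts, /[.:]/)      # port is the last field
            if (parts[n] == port && (faddr == "*.*" || faddr == "*:*"))
                print $2, $3, $5, laddr
        }'
}

# ports_for_command COMMAND
# Prints "proto/port" for every unconnected socket owned by COMMAND, so a
# daemon found on one port can be checked for others (TCP and UDP).
ports_for_command() {
    awk -v cmd="$1" '
        NF >= 7 && $2 == cmd && ($7 == "*.*" || $7 == "*:*") {
            n = split($6, parts, /[.:]/)
            print $5 "/" parts[n]
        }' | sort -u
}

# Constructed sample. Only the "ypserv ... tcp *.1023" line comes from the
# thread; the UDP port and the sshd lines are invented for illustration.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ypserv     117    5 tcp    *.1023                *.*
root     ypserv     117    4 udp    *.1022                *.*
root     sshd       201    3 tcp    *.22                  *.*
root     sshd       512    5 tcp    192.0.2.10.22         198.51.100.7.40112
EOF
}

# Stand-alone run: who is listening on port 1023 in the sample?
sample_sockstat | listeners_on_port 1023
```

On a live host, pipe the real `sockstat` output into the functions instead of `sample_sockstat`.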