From owner-freebsd-security Thu May 17 18:16:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from cs4.cs.ait.ac.th (cs4.cs.ait.ac.th [192.41.170.16]) by hub.freebsd.org (Postfix) with ESMTP id A8A7237B422 for ; Thu, 17 May 2001 18:16:37 -0700 (PDT) (envelope-from on@cs.ait.ac.th) Received: from banyan.cs.ait.ac.th (on@banyan.cs.ait.ac.th [192.41.170.5]) by cs4.cs.ait.ac.th (8.9.3/8.9.3) with ESMTP id IAA08676; Fri, 18 May 2001 08:13:48 +0700 (GMT+0700) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.8.5/8.8.5) id IAA18654; Fri, 18 May 2001 08:16:32 +0700 (ICT) Date: Fri, 18 May 2001 08:16:32 +0700 (ICT) Message-Id: <200105180116.IAA18654@banyan.cs.ait.ac.th> X-Authentication-Warning: banyan.cs.ait.ac.th: on set sender to on@banyan.cs.ait.ac.th using -f From: Olivier Nicole To: rsimmons@wlcg.com Cc: turtle@pyramus.com, freebsd-security@FreeBSD.ORG In-reply-to: (message from Rob Simmons on Thu, 17 May 2001 14:17:48 -0400 (EDT)) Subject: Re: Port 1023. References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: X-Loop: FreeBSD.org It seems 1023 could be NIS server. Olivier > Were you running any services on that port? The command "sockstat" should > tell you if there is anything listening on that port. If there is nothing > listening on the port, you don't have to worry about them poking at that > port. > > Robert Simmons > Systems Administrator > http://www.wlcg.com/ > > On Thu, 17 May 2001, Bill Mitcheson wrote: > > > We noticed unauthorized activity yesterday. After investigating we found > > that there was someone coming in from Asia and they were trying to > > access port 1023. I could not find much info on that port and was > > wondering if anyone knows of that port, what common attacks to that port > > are, and how to stop future attacks? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message