From owner-freebsd-security Sun Sep 23 9:32:32 2001 Delivered-To: freebsd-security@freebsd.org Received: from bogslab.ucdavis.edu (bogslab.ucdavis.edu [169.237.68.34]) by hub.freebsd.org (Postfix) with ESMTP id 5FA6437B416 for ; Sun, 23 Sep 2001 09:32:29 -0700 (PDT) Received: from thistle.bogs.org (thistle.bogs.org [198.137.203.61]) by bogslab.ucdavis.edu (8.9.3/8.9.3) with ESMTP id JAA20916 for ; Sun, 23 Sep 2001 09:32:27 -0700 (PDT) (envelope-from greg@bogslab.ucdavis.edu) Received: from thistle.bogs.org (localhost [127.0.0.1]) by thistle.bogs.org (8.11.3/8.11.3) with ESMTP id f8NGUMA11199 for ; Sun, 23 Sep 2001 09:30:24 -0700 (PDT) (envelope-from greg@thistle.bogs.org) Message-Id: <200109231630.f8NGUMA11199@thistle.bogs.org> To: security@FreeBSD.ORG X-To: Pat Wendorf X-Sender: owner-freebsd-security@FreeBSD.ORG Subject: Re: Identify this exploit In-reply-to: Your message of "Sun, 23 Sep 2001 12:27:47 EDT." <3BAE0D83.41ACBF7B@unios.dhs.org> Reply-To: gkshenaut@ucdavis.edu Date: Sun, 23 Sep 2001 09:30:22 -0700 From: Greg Shenaut Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <3BAE0D83.41ACBF7B@unios.dhs.org>, Pat Wendorf cleopede: >I notice I get nearly 100 messages a day from my LOG_IN_VAIN rc.conf >option. Many of which, for the past few months has been connection >attempts to TCP port 2000, as seen here: > >> Connection attempt to TCP 209.226.99.101:2000 from 216.104.103.95:1169 > >I'm not much up on my exploits, which one is this? In my /etc/services file, port 2000 is something known as "callbook", but I don't know what that is. Greg Shenaut To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message