From owner-freebsd-security  Fri May 25 11:29:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gyw.com (gyw.com [209.55.67.177])
	by hub.freebsd.org (Postfix) with ESMTP id 8F77037B423
	for <freebsd-security@FreeBSD.ORG>; Fri, 25 May 2001 11:29:18 -0700 (PDT)
	(envelope-from tjk@tksoft.com)
Received: from smtp3.tksoft.com (smtp3.tksoft.com [192.168.50.56] (may be forged))
	by gyw.com (8.8.8/8.8.8) with ESMTP id KAA23734;
	Fri, 25 May 2001 10:28:39 -0700
Received: (from tjk@tksoft.com)
	by smtp3.tksoft.com (8.8.8/8.8.8) id KAA32060;
	Fri, 25 May 2001 10:22:07 -0700
From: "tjk@tksoft.com" <tjk@tksoft.com>
Message-Id: <200105251722.KAA32060@smtp3.tksoft.com>
Subject: Re: 'nother IPFW question
To: memphis_ms@gmx.net (Raoul Schroeder)
Date: Fri, 25 May 2001 10:22:06 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG (FreeBSD Security)
In-Reply-To: <no.id> from "Raoul Schroeder" at May 25, 2001 02:21:34 PM
X-Info: None
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Raoul,

1119 was probably a randomly selected port for the outgoing
connection. Try connecting to a web server somewhere. You will always
get a different port on your local side.

Port 113 is authd. Therefore, if you have sendmail running on your
machine, the query was most likely generated by sendmail as it was trying
establish the identity of a sender from the remote machine. (sendmail
always tries authd first. Failure to connect is not fatal.)

lsof will tell you what application is using the port.  
lsof -i tcp:1119


Troy


> 
> IPFW caught a TCP packet leaving my port 1119 going to another port 113
> I am a little worried about this, since there is nothing running on my
> machine on 1119 that I know of.
> 
> Is there a good way of finding out what is sending on port 1119? I am
> only learning about securing my box, and it is hard to find all the info
> I need.
> 
> Thank you so much,
> 
> Raoul
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message