Date: Fri, 25 May 2001 19:40:56 +0100
From: David Taylor <davidt@yadt.co.uk>
To: Matt Dillon <dillon@earth.backplane.com>
Subject: Re: 'nother IPFW question
Message-ID: <20010525194056.A19706@gattaca.yadt.co.uk>
In-Reply-To: <200105251828.f4PIS1Y41320@earth.backplane.com>; from dillon@earth.backplane.com on Fri, May 25, 2001 at 11:28:01 -0700
References: <3B0EA2AE.5B00EB2@gmx.net> <200105251828.f4PIS1Y41320@earth.backplane.com>

On Fri, 25 May 2001, Matt Dillon wrote:
>
> :IPFW caught a TCP packet leaving my port 1119 going to another port 113
> :I am a little worried about this, since there is nothing running on my
> :machine on 1119 that I know of.
> :
> :Is there a good way of finding out what is sending on port 1119? I am
> :only learning about securing my box, and it is hard to find all the info
> :I need.
> :
> :Thank you so much,
> :
> :Raoul
>
> Sounds like one of your users simply ran a pop based mail program.
>

Wrong port, I think :) POP is 110. 113 is auth.

Sounds like someone on a remote server connected to some port on your box,
which tried to perform an ident lookup...

As for what is 'sending on port 1119', ports which are used on the local end
of outgoing connections are essentially random, and are allocated by the
kernel when you try to create an outgoing connection.

--
David Taylor
davidt@yadt.co.uk
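
The behaviour described in the message above, as an added example that is not part of the original e-mail: a daemon-style ident (RFC 1413) lookup made with connect() and no bind(), so the kernel picks the source port that a firewall log would record. The loopback responder, the port numbers 40000 and 25, and all function names are constructed for the demonstration; a real identd listens on port 113.

```python
import socket
import threading

def start_fake_identd():
    """Constructed stand-in for the remote identd (loopback, unprivileged port, not 113)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = {}

    def serve():
        conn, peer = srv.accept()
        with conn, conn.makefile("rb") as f:
            seen["source_port"] = peer[1]  # source port of the lookup, as a packet log shows it
            seen["query"] = f.readline().decode("ascii").strip()
            conn.sendall((seen["query"] + " : USERID : UNIX : demo\r\n").encode("ascii"))
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, seen, thread

def ident_lookup(host, ident_port, port_on_server, port_on_client):
    """Send an RFC 1413 query the way a daemon does: connect() without bind()."""
    with socket.create_connection((host, ident_port), timeout=5) as s:
        local_port = s.getsockname()[1]  # chosen by the kernel, not by the program
        s.sendall(f"{port_on_server} , {port_on_client}\r\n".encode("ascii"))
        with s.makefile("rb") as f:
            reply = f.readline().decode("ascii").strip()
    return local_port, reply

def demo():
    ident_port, seen, thread = start_fake_identd()
    # Constructed scenario: a remote host connected from its port 40000 to our port 25.
    local_port, reply = ident_lookup("127.0.0.1", ident_port, 40000, 25)
    thread.join(5)
    return local_port, seen, reply

if __name__ == "__main__":
    local_port, seen, reply = demo()
    print("kernel-assigned source port:", local_port)
    print("query received by identd:  ", seen["query"])
    print("reply:                      ", reply)
```

The source port changes from run to run and belongs to no listening service, which is why a logged "port 1119 to port 113" packet does not by itself indicate an unknown daemon on 1119.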