Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 25 May 2001 19:40:56 +0100
From:      David Taylor <davidt@yadt.co.uk>
To:        Matt Dillon <dillon@earth.backplane.com>
Subject:   Re: 'nother IPFW question
Message-ID:  <20010525194056.A19706@gattaca.yadt.co.uk>
In-Reply-To: <200105251828.f4PIS1Y41320@earth.backplane.com>; from dillon@earth.backplane.com on Fri, May 25, 2001 at 11:28:01 -0700
References:  <3B0EA2AE.5B00EB2@gmx.net> <200105251828.f4PIS1Y41320@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--RnlQjJ0d97Da+TV1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, 25 May 2001, Matt Dillon wrote:
>=20
> :IPFW caught a TCP packet leaving my port 1119 going to another port 113
> :I am a little worried about this, since there is nothing running on my
> :machine on 1119 that I know of.
> :
> :Is there a good way of finding out what is sending on port 1119? I am
> :only learning about securing my box, and it is hard to find all the info
> :I need.
> :
> :Thank you so much,
> :
> :Raoul
>=20
>      Sounds like one of your users simply ran a pop based mail program.
>=20

Wrong port, I think :)

POP is 110.

113 is auth.

Sounds like someone on a remote server connected to some port on your box,
which tried to perform an ident lookup...

As for what is 'sending on port 1119', ports which are used on the local end
of outgoing connections are essentially random, and are allocated by the
kernel when you try to create an outgoing connection.

--=20
David Taylor
davidt@yadt.co.uk

--RnlQjJ0d97Da+TV1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7Dqc4fIqKXSsJ/xERAoEaAJ4iv6KoeIDJi3/1ELPREbz7sRml9wCgm/k7
JJyLliwHj/Y3vW8x3/IUWb0=
=bw86
-----END PGP SIGNATURE-----

--RnlQjJ0d97Da+TV1--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010525194056.A19706>