From owner-freebsd-security Fri May 21 1:39:34 1999 Delivered-To: freebsd-security@freebsd.org Received: from relay.acadiau.ca (relay.acadiau.ca [131.162.2.90]) by hub.freebsd.org (Postfix) with ESMTP id 1271B15958 for ; Fri, 21 May 1999 01:39:26 -0700 (PDT) (envelope-from 026809r@dragon.acadiau.ca) Received: from dragon.acadiau.ca (dragon.acadiau.ca [131.162.1.79]) by relay.acadiau.ca (8.8.5/8.8.5) with ESMTP id FAA24439; Fri, 21 May 1999 05:38:04 -0300 (ADT) Received: from localhost (026809r@localhost) by dragon.acadiau.ca (8.8.8+Sun/8.8.8) with ESMTP id FAA01717; Fri, 21 May 1999 05:38:01 -0300 (ADT) Date: Fri, 21 May 1999 05:38:01 -0300 (ADT) From: Michael Richards <026809r@dragon.acadiau.ca> X-Sender: 026809r@dragon To: Greg Quinlan Cc: freebsd-security@FreeBSD.ORG Subject: Re: Server trying to connect to Port 113 In-Reply-To: <001f01bea364$57d9c820$380051c2@greg.qmpgmc.ac.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 21 May 1999, Greg Quinlan wrote: > Can someone explain what this remote system is trying to do? > > May 21 09:22:14 amanda /kernel: ipfw: 24110 Deny TCP :1937 ip>:113 in via fxp1 > May 21 09:22:35 amanda last message repeated 3 times Quite possibly, the remote machine is running tcp wrappers or some other such thing and it's causing it to try a ident query when a connection is made. Something like that. For more info, log the packets. You'd probably find that they are normal "ident" packets... -Michael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message