From owner-freebsd-security@FreeBSD.ORG Tue Sep 9 08:25:50 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 25D9916A4BF; Tue, 9 Sep 2003 08:25:50 -0700 (PDT) Received: from ran.psg.com (ip166.usw12.rb1.bel.nwlink.com [209.20.253.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7995243FEC; Tue, 9 Sep 2003 08:25:49 -0700 (PDT) (envelope-from randy@psg.com) Received: from localhost ([127.0.0.1] helo=ran.psg.com) by ran.psg.com with esmtp (Exim 4.22) id 19wkNI-000BVo-Hp; Tue, 09 Sep 2003 08:25:48 -0700 From: Randy Bush MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Tue, 9 Sep 2003 08:25:47 -0700 To: Ben Smithurst References: <20030909081309.GA22828@strontium.bh.smithurst.org> Message-Id: cc: freebsd-security@freebsd.org Subject: Re: is one of my hosts a scanner? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Sep 2003 15:25:50 -0000 >> seq my host victim(s) >> --- ---------------- --------------- >> 24) 192.168.0.2:1121 <--> 216.52.3.2:2703 >> 25) 192.168.0.2:1122 <--> 216.52.3.4:2703 >> 39) 192.168.0.2:1124 <--> 216.52.3.2:2703 > > Those hosts are at cloudmark.com, which gets used by > spamassassin (or some part of it). Port 2703 is Razor2 > - so > that fits as well. thanks. so tell me, why does the iana think port 2703 is sms-chat? i.e., why is the port used by razor2 not properly registered as a well known port? randy