Message-ID: <3B193273.B87F743A@gmx.net>
Date: Sat, 02 Jun 2001 14:37:39 -0400
From: Raoul Schroeder
To: FreeBSD Security
Subject: Connections to ports > 1024

Hello everyone,

thanks to all the ongoing discussions in this group I am learning a lot about securing my FreeBSD box. When looking through my daily security logs, I see the typical attempts to connect to port 21, which I am rapidly getting used to. Along with that I see attempts to connect with TCP on port 53 (I assume to break a DNS server, like BIND?) - not that I have a DNS running on my systems.

What puzzles me more though is that more and more often I see connection attempts to ports > 1024, like 8000, or 1080. So, just because I am curious, are these people scanning for Trojans? Should I just ignore it - the connections are dropped anyway - or is there something more useful to do?

Thanks,
Raoul