From: Lee Smallbone
Organization: Kechara Internet
Date: Sun, 3 Jun 2001 08:24:27 +0100
To: freebsd-security@freebsd.org
Subject: Re: Connections to ports > 1024
Message-ID: <13350.010603@kechara.net>
References: <3B193273.B87F743A@gmx.net>

RS> Hello everyone,
RS> thanks to all the ongoing discussions in this group I am learning a lot
RS> about securing my freebsd box.
RS> When looking through my daily security logs, I see the typical attempts
RS> to connect to port 21, which I am rapidly getting used to. Along with
RS> that I see attempts to connect with TCP on port 53 (I assume to break a
RS> DNS server, like BIND?) - not that I have a DNS running on my systems.
RS> What puzzles me more though is that more and more often I see connection
RS> attempts to ports >> 1024, like 8000, or 1080.
RS> So, just because I am curious, are these people scanning for Trojans?
RS> Should I just ignore it - the connections are dropped anyway - or is
RS> there something more useful to do?

1080 is your common wingate/proxy port, people are most likely scanning
class C subnets for open wingates to use.

According to /etc/services, 8000 is for gicq (an ICQ clone?)

If you're not running anything on these ports, I wouldn't be too
concerned.

Best Regards,
Lee Smallbone

+----------------------------------------------+
| Kechara Internet - Global Reach, Local Touch |
+----------------------------------------------+
| Sales: 0800 138 7727 | Support: 01243 869969 |
| sales@kechara.net    | support@kechara.net   |
| web: www.kechara.net | Intl: +44 1243 869969 |
+----------------------------------------------+
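
An added example, not part of the original message: one way to turn the dropped-connection entries discussed in this thread into a per-port summary, so that probes on ports such as 1080 and 8000 can be reviewed at a glance. The ipfw-style log line format, the sample lines and all function names are assumptions made for illustration; the port labels are the ones given in the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in an assumed ipfw-style deny-log format (documentation IPs).
SAMPLE_LOG = """\
Jun  2 03:11:40 box /kernel: ipfw: 65000 Deny TCP 192.0.2.10:3121 198.51.100.5:21 in via ed0
Jun  2 03:11:41 box /kernel: ipfw: 65000 Deny TCP 192.0.2.10:3122 198.51.100.5:1080 in via ed0
Jun  2 04:02:07 box /kernel: ipfw: 65000 Deny TCP 203.0.113.7:4410 198.51.100.5:1080 in via ed0
Jun  2 04:02:09 box /kernel: ipfw: 65000 Deny TCP 203.0.113.7:4411 198.51.100.5:8000 in via ed0
Jun  2 05:40:15 box sshd[211]: Accepted password for admin from 192.0.2.200
Jun  2 06:17:52 box /kernel: ipfw: 65000 Deny TCP 192.0.2.44:1029 198.51.100.5:53 in via ed0
Jun  2 09:30:00 box /kernel: ipfw: 65000 Deny TCP 203.0.113.99:2200 198.51.100.5:1080 in via ed0
"""

# Port labels as given in the thread; anything else is reported as "unlabelled".
PORT_NOTES = {21: "ftp", 53: "DNS", 1080: "wingate/proxy", 8000: "gicq (/etc/services)"}

DENY_RE = re.compile(
    r"ipfw: \d+ Deny (TCP|UDP) (\d{1,3}(?:\.\d{1,3}){3}):\d+ "
    r"\d{1,3}(?:\.\d{1,3}){3}:(\d+) in\b"
)

def parse_denies(log_text):
    """Yield (proto, source_ip, dest_port) for each inbound deny line."""
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))

def summarize_ports(log_text):
    """Rows of (port, attempts, distinct_sources, note), busiest port first."""
    hits, sources = Counter(), defaultdict(set)
    for _proto, src, port in parse_denies(log_text):
        hits[port] += 1
        sources[port].add(src)
    return [(p, hits[p], len(sources[p]), PORT_NOTES.get(p, "unlabelled"))
            for p in sorted(hits, key=lambda p: (-hits[p], p))]

def multi_port_sources(log_text):
    """Sources that probed more than one port: {source_ip: sorted ports}."""
    ports = defaultdict(set)
    for _proto, src, port in parse_denies(log_text):
        ports[src].add(port)
    return {s: sorted(p) for s, p in ports.items() if len(p) > 1}

if __name__ == "__main__":
    for row in summarize_ports(SAMPLE_LOG):
        print("port %-5d attempts=%d sources=%d  %s" % row)
    print(multi_port_sources(SAMPLE_LOG))
```

Many distinct sources on a single port, as with 1080 in the sample, is the pattern that fits the subnet-wide proxy scanning described in the reply.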