From owner-freebsd-security Sat Jun 2 12:41: 3 2001
Delivered-To: freebsd-security@freebsd.org
Received: from alpha.netvision.net.il (alpha.netvision.net.il [194.90.1.13])
    by hub.freebsd.org (Postfix) with ESMTP id C8A2A37B422
    for ; Sat, 2 Jun 2001 12:40:58 -0700 (PDT)
    (envelope-from lirandb@netvision.net.il)
Received: from a ([213.57.143.184])
    by alpha.netvision.net.il (8.9.3/8.8.6) with SMTP id WAA25172
    for ; Sat, 2 Jun 2001 22:40:57 +0300 (IDT)
Message-ID: <002c01c0eba3$d6a4e020$b88f39d5@a>
From: "Liran Dahan"
To:
References: <3B193273.B87F743A@gmx.net>
Subject: Re: Connections to ports > 1024
Date: Sat, 2 Jun 2001 22:37:27 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Yes, I agree with Lee. I don't think you have any specific reason to be
worried, though if it is bothering you so much, put specific IPFW/IPF rules
for these ports, or maybe if you can see that these connections are being
attempted by a Static IP User/s, you may block him/them as well, or maybe add
a special route command to deny them.

Bottom line, I wouldn't be so worried about it. (Although I'm *paranoid*)

Best Regards,
Liran Dahan (lirandb@netvision.net.il)

----- Original Message -----
From: "Raoul Schroeder"
To: "FreeBSD Security"
Sent: Saturday, June 02, 2001 8:37 PM
Subject: Connections to ports > 1024

> Hello everyone,
>
> thanks to all the ongoing discussions in this group I am learning a lot
> about securing my freebsd box.
> When looking through my daily security logs, I see the typical attempts
> to connect to port 21, which I am rapidly getting used to. Along with
> that I see attempts to connect with TCP on port 53 (I assume to break a
> DNS server, like BIND?) - not that I have a DNS running on my systems.
> What puzzles me more though is that more and more often I see connection
> attempts to ports > 1024, like 8000, or 1080.
> So, just because I am curious, are these people scanning for Trojans?
> Should I just ignore it - the connections are dropped anyway - or is
> there something more useful to do?
>
> Thanks,
>
> Raoul
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
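
One way to turn the advice in this thread into something checkable, as an added example that is not part of either message: tally the logged connection attempts per port and per source, then print candidate ipfw deny rules for the probed high ports and for any source that keeps coming back. The log line format (FreeBSD log_in_vain style), the `min_ports` threshold and the sample addresses are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of FreeBSD log_in_vain kernel messages
# (assumed log source); all addresses are documentation ranges.
SAMPLE_LOG = """\
Jun  2 03:14:07 box /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:4021
Jun  2 03:14:08 box /kernel: Connection attempt to TCP 192.0.2.10:1080 from 198.51.100.7:4022
Jun  2 03:14:09 box /kernel: Connection attempt to TCP 192.0.2.10:8000 from 198.51.100.7:4023
Jun  2 09:41:55 box /kernel: Connection attempt to TCP 192.0.2.10:53 from 203.0.113.50:1055
Jun  2 11:02:30 box /kernel: Connection attempt to TCP 192.0.2.10:1080 from 203.0.113.99:3310
Jun  2 11:05:00 box /kernel: de0: link up
"""

LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) (\S+):(\d+) from (\S+):(\d+)")

def summarize(log_text):
    """Return (hits per (proto, dst port), set of dst ports per source IP)."""
    per_port = Counter()
    per_source = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated kernel or daemon message
        proto, _dst, dport, src, _sport = m.groups()
        per_port[(proto.lower(), int(dport))] += 1
        per_source[src].add(int(dport))
    return per_port, per_source

def suggest_rules(per_port, per_source, min_ports=3):
    """Build ipfw commands as strings; nothing is executed here."""
    rules = []
    # One rule covering the probed TCP ports above 1024 (the thread's topic).
    high = sorted({p for (proto, p) in per_port if proto == "tcp" and p > 1024})
    if high:
        ports = ",".join(str(p) for p in high)
        rules.append("ipfw add deny log tcp from any to any %s in" % ports)
    # Block a source only if it probed several distinct ports (hypothetical
    # threshold); a single stray packet is not worth a permanent rule.
    for src in sorted(per_source):
        if len(per_source[src]) >= min_ports:
            rules.append("ipfw add deny log ip from %s to any" % src)
    return rules

if __name__ == "__main__":
    for rule in suggest_rules(*summarize(SAMPLE_LOG)):
        print(rule)
```

Review the printed rules before loading them; a per-source block only makes sense when the address is static, as the reply notes.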