From owner-freebsd-security Mon Jul 24 16:40:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from earth.wnm.net (earth.wnm.net [208.246.240.243])
    by hub.freebsd.org (Postfix) with ESMTP id 3C5CB37B739
    for ; Mon, 24 Jul 2000 16:40:40 -0700 (PDT)
    (envelope-from alex@wnm.net)
Received: from localhost (alex@localhost)
    by earth.wnm.net (8.11.0/8.11.0) with ESMTP id e6ONfAh44141;
    Mon, 24 Jul 2000 18:41:10 -0500 (CDT)
Date: Mon, 24 Jul 2000 18:41:10 -0500 (CDT)
From: Alex Charalabidis
To: Stephen Hocking
Cc: security@FreeBSD.ORG, sage-au@sage-au.org.au
Subject: Re: Script kiddies and their port scans
In-Reply-To: <200007242314.SAA01912@bloop.craftncomp.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 24 Jul 2000, Stephen Hocking wrote:

> Checking the firewall logs I see various attempts to connect to rather unusual
> ports on my box - does anyone know what the following are?
>
>
> 27374
>
Sub7 trojan

> 1243
>
Probably Sub7, some other backdoor tools too

> 98 - This comes up as TACNEWS in /etc/services
>
Linuxconf. Many script kiddies look specifically for Linux boxen.

> 143 imap2
>
IMAP is, well IMAP.

hth
-ac

--
==============================================================
Alex Charalabidis (AC8139)            5050 Poplar Ave, Ste 170
Systems Administrator                        Memphis, TN 38157
WebNet Memphis                                  (901) 432 6000
Author, The Book of IRC              http://www.bookofirc.com/
==============================================================