Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Mar 2000 23:16:57 +0100
From:      David Malone <dwmalone@maths.tcd.ie>
To:        Jeff Hamilton <hjeffrey@hotmail.com>
Cc:        freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: /etc/hosts.allow
Message-ID:  <20000328231657.A9744@walton.maths.tcd.ie>
In-Reply-To: <20000328212418.44269.qmail@hotmail.com>; from hjeffrey@hotmail.com on Tue, Mar 28, 2000 at 01:24:18PM -0800
References:  <20000328212418.44269.qmail@hotmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 28, 2000 at 01:24:18PM -0800, Jeff Hamilton wrote:

> >My guess is that the portmapper is getting a tcp connection, which the
> >remote end closes almost immediately. Then when the wrapping code goes
> >to to dup the discriptor which is supposed to be connected it finds it
> >is unconnected.
> 
> Could this possibly be an indicator of a port scan or other exploit attempt? 
>   Is there anyway to trace the IP address that originated the connection?

If my guess was right, there is a good chance it could be a portscan.
Tracing the IP address is probably a bit harder. I'll experiment at
home and see if I can reproduce this.

	David.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000328231657.A9744>