From owner-freebsd-security Sun Aug 9 12:02:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA11111 for freebsd-security-outgoing; Sun, 9 Aug 1998 12:02:25 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from tok.qiv.com (tok.qiv.com [205.238.142.68]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA11092 for ; Sun, 9 Aug 1998 12:02:21 -0700 (PDT) (envelope-from jdn@acp.qiv.com) Received: (from uucp@localhost) by tok.qiv.com (8.8.8/8.8.5) with UUCP id OAA05729; Sun, 9 Aug 1998 14:01:58 -0500 (CDT) Received: from localhost (jdn@localhost) by acp.qiv.com (8.8.8/8.8.8) with SMTP id OAA01320; Sun, 9 Aug 1998 14:01:34 -0500 (CDT) (envelope-from jdn@acp.qiv.com) Date: Sun, 9 Aug 1998 14:01:33 -0500 (CDT) From: Jay Nelson To: sthaug@nethelp.no cc: freebsd-security@FreeBSD.ORG Subject: Re: What are these connect attempts? In-Reply-To: <12556.902688876@verdi.nethelp.no> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 9 Aug 1998 sthaug@nethelp.no wrote: >> These all seem to come from isi.net: >> >> Connection attempt to UDP 205.238.142.73:33505 from 195.8.97.66:38025 >> Connection attempt to UDP 205.238.142.73:33506 from 195.8.97.66:38025 >... >> I'm curious about the high port numbers, although I wonder if these >> are the only ones I'm seeing. What does this mean? > >traceroute. Did that. Except for the 195.8.97.66, which is ns5.isi.net, they all seen to come from shortcut.???.isi.net. They all trace back to a running machine. What are they looking for and what do they expect to find at those high port numbers? >Steinar Haug, Nethelp consulting, sthaug@nethelp.no > -- Jay To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message