Date:      Fri, 22 Jan 1999 00:08:17 +1300 (NZDT)
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        Anthony Kim <anthony@enteract.com>
Cc:        "security@FreeBSD.ORG" <security@FreeBSD.ORG>
Subject:   Re: TCP port question IPFW
Message-ID:  <Pine.BSF.4.05.9901212359090.323-100000@aniwa.sky>
In-Reply-To: <36A6E700.CEC5418C@enteract.com>


> I'm sort of annoyed...there is some IP who is constantly filling up my
> ipfw logs with TCP port 1719 attempts daily. The hours are late in the

If you're annoyed by the log entries, but not concerned by them, then
don't log entries from their IP to that port.  Among other things, this
sort of practice makes it more likely you'll see important log info.
Logging too much is a bad thing.  OTOH, it can clutter your firewall
ruleset.

> evening until around 2am, then it begins again shortly after 6pm (he or
> she must have come home from work and felt like bugging me). More
> recently I see requests for TCP port 1106 in my logs as well from them.
> A quick search on the web showed 1719 was h323gatestat. Can someone tell
> me what that is? I didn't find anything on TCP port 1106 either. Any
> info is greatly appreciated. Also, any way I can track this person down?
> traceroute works but no hostname returns.

You might be able to identify their service provider from other entries in
the traceroute.  Also, doing a reverse lookup on other IPs in the same
class C network often clarifies who owns the network.

It's often possible to connect to services like telnet, smtp, ftp and get
a machine name.  This basically amounts to a localised port scan.  It's
easily justified, but I wonder if people ever get into trouble with their
ISPs as a result of it.

Andrew


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
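
The suggestion above (stop logging a known, uninteresting source and port so the rest of the log stays readable) can be worked through as follows. This is an added example, not part of the original message. It assumes the log line layout shown, a catch-all `deny log` rule numbered 65000, a free rule range starting at 60000, and constructed documentation addresses.

```python
import re
from collections import Counter

# Constructed sample lines in the style of ipfw's syslog output (assumed format).
SAMPLE_LOG = """\
Jan 21 18:04:11 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.44:1045 203.0.113.5:1719 in via ed0
Jan 21 18:04:14 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.44:1045 203.0.113.5:1719 in via ed0
Jan 21 18:09:52 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.44:1061 203.0.113.5:1719 in via ed0
Jan 21 19:30:02 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.44:1102 203.0.113.5:1106 in via ed0
Jan 21 20:15:40 gw /kernel: ipfw: 65000 Deny TCP 198.51.100.7:2301 203.0.113.5:23 in via ed0
Jan 21 21:47:19 gw /kernel: ipfw: 65000 Deny UDP 198.51.100.9:53 203.0.113.5:1030 in via ed0
"""

# Captures protocol, source address and destination port of each denied packet.
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ \d+\.\d+\.\d+\.\d+:(?P<dport>\d+) "
)

def noisy_pairs(log_text, threshold):
    """Return [((proto, src, dport), count)] for pairs seen >= threshold times."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            counts[(m["proto"].lower(), m["src"], int(m["dport"]))] += 1
    return [(key, n) for key, n in counts.most_common() if n >= threshold]

def quiet_rules(log_text, threshold=3, first_rule=60000):
    """Build deny rules WITHOUT 'log', numbered below the logging rule so they
    match first. The traffic is still dropped; it just stops filling the log."""
    rules = []
    for i, ((proto, src, dport), _) in enumerate(noisy_pairs(log_text, threshold)):
        rules.append(
            f"ipfw add {first_rule + i * 10} deny {proto} from {src} to any {dport}"
        )
    return rules

if __name__ == "__main__":
    for rule in quiet_rules(SAMPLE_LOG):
        print(rule)
```

Only pairs at or above the threshold get a quiet rule, so one-off denials from other sources keep reaching the logging rule, and the ruleset grows only for sources that are actually drowning out the rest.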


