Hi All, I'm new to this list and am wondering if you can point me to some info about the following port probes (from my Red Hat 7.0 box): 1. 1680 UDP ... kernel: Packet log: input DENY ppp0 PROTO=17 xxx.xxx.xxx.xxx:1680 xxx.xxx.xxx.xxx:1680 L=90 S=0x00 I=47873 F=0x0000 T=127 (#84) What is port 1680? I can't seem to find any information on it anywhere on the web. I've only seen this one packet, and it was from the IP address adjacent to mine on the dialup bank. 2. 9393 TCP Here's another one that i haven't been able to track down. Any ideas on this one? ... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53493 F=0x4000 T=99 SYN (#85) ... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53749 F=0x4000 T=99 SYN (#85) ... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=54005 F=0x4000 T=99 SYN (#85) ... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=58101 F=0x4000 T=99 SYN (#85) I had several repeats of this sort of scan, all from hosts in Romania. 3. 4000 TCP I've had a few scans from dialup addresses in Russia on port 4000 TCP, which i understand is usually ICQ, but why would i be getting port scans just from this one place? Thanks in advance, Paul http://paulgear.webhop.net
This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 12:44:51 PDT