I see a lot of incoming requests for port 32814, generally UDP with a source port of 50, 51, sometimes 65. Not much turns up in web searches on this port and Neohapsis doesn't have a reported use for this port. Does anyone else get anything like these? I'm running a tcpdump get payloads and will post those if you'd like. Jun 22 11:58:17 kernel: EndDropI:IN=eth0 OUT= MAC=00:e0:81:04:a9:40:00:00:d1:ef:01:ad:08:00 SRC=152.163.159.225 DST=x LEN=157 TOS=0x00 PREC=0x00 TTL=51 ID=54945 PROTO=UDP SPT=50 DPT=32814 LEN=137 Jun 22 11:58:17 kernel: EndDropI:IN=eth0 OUT= MAC=00:e0:81:04:a9:40:00:00:d1:ef:01:ad:08:00 SRC=152.163.159.225 DST=x LEN=164 TOS=0x00 PREC=0x00 TTL=51 ID=54946 PROTO=UDP SPT=50 DPT=32814 LEN=144 Jun 22 11:58:19 kernel: EndDropI:IN=eth0 OUT= MAC=00:e0:81:04:a9:40:00:00:d1:ef:01:ad:08:00 SRC=205.188.157.227 DST=x LEN=157 TOS=0x00 PREC=0x00 TTL=51 ID=41601 PROTO=UDP SPT=51 DPT=32814 LEN=137 Thanks, Brian Collins Systems Administrator Newnan Utilities bcollinsat_private 770 683 5516 x264 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 10:57:46 PDT