do you have a dump of the data inside the packet? port 7869 is the default port of php debugger i dont know how that is helpfull to you but data dump would help Anthony LaMantia http://www.bia-security.com On Thu, 2002-10-24 at 22:04, Frank Cheong wrote: > > > I got a question with my redhat linux host (which is a mail host) keep > connecting to other remote host quite frequently on remote port 7869 and I > m receiving these firewall log almost every minutes. Could someone give me > hints so that I can further isolate the problem or trim down the scope to > find out the real cause. > > Below is the firewall log (IP address being modified) : > > 10/23/2002 11:13:36.640 - TCP connection dropped - > Source:123.123.123.123, 51321, LAN - > Destination:234.234.234.234, 7869, WAN - Type: 786 - > Rule 66 > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Oct 26 2002 - 14:09:15 PDT