Frank Cheong wrote:
> My redhat linux mail host keeps connecting to other remote host quite
> frequently on remote port 7869.
> [snip]
> Below is the firewall log (IP address being modified) :
>
> 10/23/2002 11:13:36.640 - TCP connection dropped -
> Source:123.123.123.123, 51321, LAN -
> Destination:234.234.234.234, 7869, WAN - Type: 786 -
> Rule 66

If your firewall drops the connection thru a TCP RST, change it so that it
silently drops the packets. This will make the linux box hang waiting for
a timeout. Then execute:

    netstat -tanp | grep <port>

on the linux box, where <port> is the source port you see in the Source:
line on your firewall logs.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
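The lookup described in the reply, as an added example that is not part of the original post: it matches the source port only against the local-address column of `netstat -tanp` output, so a socket that merely has the same number as its remote port is not reported. The function names, the sample output and the program name `exampled` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tanp` output (not taken from the post).
# The third socket has 51321 as its REMOTE port and must not match.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      812/sendmail: accep
tcp        0      1 123.123.123.123:51321   234.234.234.234:7869    SYN_SENT    4471/exampled
tcp        0      0 123.123.123.123:22      10.0.0.5:51321          ESTABLISHED 901/sshd
EOF
}

# owner_of_src_port PORT
# Reads `netstat -tanp` output on stdin and prints one line per TCP socket
# whose LOCAL port equals PORT:  STATE REMOTE PID PROGRAM
# PID and PROGRAM are "-" when netstat was not run as root.
owner_of_src_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            # Port is the last ":"-separated piece (also works for IPv6).
            n = split($4, l, ":")
            if (l[n] != port) next
            # Program names may contain spaces, so rejoin fields 7..NF.
            owner = $7
            for (i = 8; i <= NF; i++) owner = owner " " $i
            slash = index(owner, "/")
            if (slash == 0) { print $6, $5, "-", "-"; next }
            print $6, $5, substr(owner, 1, slash - 1), substr(owner, slash + 1)
        }'
}

# Live use on the Linux box, as root, while the connection is waiting
# for its timeout:
#   netstat -tanp | owner_of_src_port 51321
```

A socket still in `SYN_SENT` is the one held open by the firewall's silent drop, and the PID column identifies the process to investigate.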
This archive was generated by hypermail 2b30 : Sat Oct 26 2002 - 14:20:58 PDT