Firewall Wizards mailing list archives

Re: UDP: port 31790 -> 31789

From: John Ladwig <jladwig () nts umn edu>
Date: Tue, 16 Nov 1999 10:25:05 -0600 (CST)

[Charset iso-8859-1 unsupported, filtering to ASCII...]

hello all,
our firewall logs a lot of packets, coming in from port 31790 to
port 31789, udp protocol. it seems to be a quite usual scan attack.
has anybody encountered anything equal or can anybody explain to me,
what kind of software the possible attacker is expecting at port
31789?

any hints are greatly appreciated


Scuttlebutt from other parts of my institution is there are ports in
that range (tcp and udp) that are commonly mapped to RPC services like
ypserv on Solaris.  There may be others, naturally.

We see scans/probes on these ports pretty regularly.

    -jml

Current thread:

UDP: port 31790 -> 31789 Jan Stifter (Nov 16)
- Re: UDP: port 31790 -> 31789 John Ladwig (Nov 17)
- Re: UDP: port 31790 -> 31789 Shane Macaulay (Nov 18)
- <Possible follow-ups>
- Re: UDP: port 31790 -> 31789 Robert Graham (Nov 17)