Security Incidents mailing list archives

Port 6502

From: sekure () MEDIAONE NET (Tony Lambiris)
Date: Mon, 17 Apr 2000 00:55:10 -0400


Check out these log messages...

Apr 16 20:35:21 sekure kernel: Packet log: input DENY eth0 PROTO=17
192.168.1.1:
6502 255.255.255.255:6502 L=136 S=0x00 I=64 F=0x0000 T=128 (#4)
Apr 16 20:35:21 sekure kernel: Packet log: input DENY eth0 PROTO=17
192.168.1.1:
6502 255.255.255.255:6502 L=136 S=0x00 I=65 F=0x0000 T=128 (#4)
Apr 16 20:35:21 sekure kernel: Packet log: input DENY eth0 PROTO=17
192.168.1.1:
6502 255.255.255.255:6502 L=136 S=0x00 I=66 F=0x0000 T=128 (#4)
Apr 16 20:35:21 sekure kernel: Packet log: input DENY eth0 PROTO=17
192.168.1.1:
6502 255.255.255.255:6502 L=136 S=0x00 I=67 F=0x0000 T=128 (#4)
Apr 16 20:35:21 sekure kernel: Packet log: input DENY eth0 PROTO=17
192.168.1.1:
6502 255.255.255.255:6502 L=136 S=0x00 I=68 F=0x0000 T=128 (#4)

I'm running a Debian system, with ipmasq (the scripts to put up dynamic
firewalls) installed, and in one of the scripts, it denys any requests
for private IP addresses that come from the external network interface.
Well, in my case, eth0 is in fact connected to the internet, and the
address it's trying to reach is 192.168.1.1. I'm just confused about the
source address being 255.255.255.255. Can some one shed light on this
(especially whats on port 6502... nothing in my /etc/services).

Thanks.

Current thread:

Re: sadmind hack?, (continued)
- Re: sadmind hack? Ex Machina (Apr 13)
- Re: sadmind hack? Robert Graham (Apr 13)
  - Re: sadmind hack? Fyodor (Apr 16)
  - Weird Ping requests Erick Brockway (Apr 16)
    - Re: Weird Ping requests Richard Bejtlich (Apr 18)
    - Re: Weird Ping requests Erick Brockway (Apr 21)
  - Re: sadmind hack? Labu Labi (Apr 17)
    - Re: sadmind hack? Prateek Jetly (Apr 18)
- Re: sadmind hack? Chad Roberts (Apr 14)
- Strange UDP traffic Ed Padin (Apr 14)
- Port 6502 Tony Lambiris (Apr 16)
- Re: sadmind hack? Oliver Friedrichs (Apr 13)
- Re: sadmind hack? Spoonm Spoonm (Apr 18)