Security Incidents mailing list archives

Port probes: 1680 UDP, 9393 TCP, and 4000 TCP


From: Paul Gear <paulgear () bigfoot com>
Date: Mon, 18 Jun 2001 22:01:33 +1000

Hi All,

I'm new to this list and am wondering if you can point me to some info
about the following port probes (from my Red Hat 7.0 box):


1.  1680 UDP

... kernel: Packet log: input DENY ppp0 PROTO=17 xxx.xxx.xxx.xxx:1680
xxx.xxx.xxx.xxx:1680 L=90 S=0x00 I=47873 F=0x0000 T=127 (#84)

What is port 1680?  I can't seem to find any information on it anywhere
on the web.  I've only seen this one packet, and it was from the IP
address adjacent to mine on the dialup bank.


2.  9393 TCP

Here's another one that I haven't been able to track down.  Any ideas on
this one?

... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654
xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53493 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654
xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53749 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654
xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=54005 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654
xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=58101 F=0x4000 T=99 SYN (#85)

I had several repeats of this sort of scan, all from hosts in Romania.


3.  4000 TCP

I've had a few scans from dialup addresses in Russia on port 4000 TCP,
which I understand is usually ICQ, but why would I be getting port scans
just from this one place?

Thanks in advance,
Paul
http://paulgear.webhop.net
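
An added example, not part of the original post: a Python parser for the ipchains `Packet log:` entries quoted above that decodes each field and groups packets by flow, so repeated SYNs from one source port show up as a single connection attempt. The addresses in the sample are constructed stand-ins for the masked `xxx.xxx.xxx.xxx` values, and the wrapped log lines are rejoined.

```python
import re
from collections import defaultdict

# ipchains layout: chain action iface PROTO=n src:port dst:port
# L=length S=TOS I=IP-ID F=frag flags/offset T=TTL [SYN] (#rule number)
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) "
    r"S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) F=(?P<frag>0x[0-9A-Fa-f]+) "
    r"T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)")
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Entries from the post with wrapped lines rejoined; the masked addresses are
# replaced by constructed documentation addresses.
SAMPLE = """\
... kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.6:1680 198.51.100.7:1680 L=90 S=0x00 I=47873 F=0x0000 T=127 (#84)
... kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:61654 198.51.100.7:9393 L=64 S=0x10 I=53493 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:61654 198.51.100.7:9393 L=64 S=0x10 I=53749 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:61654 198.51.100.7:9393 L=64 S=0x10 I=54005 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:61654 198.51.100.7:9393 L=64 S=0x10 I=58101 F=0x4000 T=99 SYN (#85)
"""

def parse_line(line):
    """Return the decoded fields of one log entry, or None if it is not one."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["tos"], rec["frag"] = int(rec["tos"], 16), int(rec["frag"], 16)
    rec["df"] = bool(rec["frag"] & 0x4000)   # Don't Fragment flag
    rec["syn"] = rec["syn"] is not None
    rec["proto"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(text):
    """Group entries by flow; packets sharing a 5-tuple are one attempt."""
    flows = defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        key = (rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
        flows[key].append(rec)
    return {k: {"packets": len(v), "ip_ids": [r["ipid"] for r in v],
                "all_syn": all(r["syn"] for r in v)} for k, v in flows.items()}

if __name__ == "__main__":
    for flow, info in summarize(SAMPLE).items():
        print(flow, info)
```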


