Security Incidents mailing list archives
Port probes: 1680 UDP, 9393 TCP, and 4000 TCP
From: Paul Gear <paulgear () bigfoot com>
Date: Mon, 18 Jun 2001 22:01:33 +1000
Hi All,

I'm new to this list and am wondering if you can point me to some info about the following port probes (from my Red Hat 7.0 box):

1. 1680 UDP

... kernel: Packet log: input DENY ppp0 PROTO=17 xxx.xxx.xxx.xxx:1680 xxx.xxx.xxx.xxx:1680 L=90 S=0x00 I=47873 F=0x0000 T=127 (#84)

What is port 1680? I can't seem to find any information on it anywhere on the web. I've only seen this one packet, and it was from the IP address adjacent to mine on the dialup bank.

2. 9393 TCP

Here's another one that I haven't been able to track down. Any ideas on this one?

... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53493 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53749 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=54005 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=58101 F=0x4000 T=99 SYN (#85)

I had several repeats of this sort of scan, all from hosts in Romania.

3. 4000 TCP

I've had a few scans from dialup addresses in Russia on port 4000 TCP, which I understand is usually ICQ, but why would I be getting port scans just from this one place?

Thanks in advance,
Paul
http://paulgear.webhop.net
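An added example, not part of the original post: a small Python parser for the ipchains "Packet log:" lines quoted above. It splits out the fields (L = length, S = TOS, I = IP ID, F = fragment field, T = TTL, # = rule number) and groups packets by protocol and endpoints, so the four port-9393 lines show up as repeated SYNs from one source port. The function names are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (addresses are redacted there).
SAMPLE = """\
... kernel: Packet log: input DENY ppp0 PROTO=17 xxx.xxx.xxx.xxx:1680 xxx.xxx.xxx.xxx:1680 L=90 S=0x00 I=47873 F=0x0000 T=127 (#84)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53493 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=53749 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=54005 F=0x4000 T=99 SYN (#85)
... kernel: Packet log: input DENY ppp0 PROTO=6 xxx.xxx.xxx.xxx:61654 xxx.xxx.xxx.xxx:9393 L=64 S=0x10 I=58101 F=0x4000 T=99 SYN (#85)
"""

LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line):
    """Return a dict of decoded fields, or None if the line is not a packet log entry."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    frag = int(rec.pop("frag"), 16)
    rec["df"] = bool(frag & 0x4000)      # Don't Fragment bit of the IP header
    rec["frag_offset"] = frag & 0x1FFF   # low 13 bits are the fragment offset
    rec["syn"] = rec["syn"] is not None  # ipchains appends " SYN" for TCP SYN packets
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def group_attempts(text):
    """Group entries by (protocol, src, sport, dst, dport) to expose repeated packets."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            key = (rec["proto_name"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
            groups[key].append(rec)
    return dict(groups)

if __name__ == "__main__":
    for key, recs in group_attempts(SAMPLE).items():
        print(key, "packets:", len(recs), "IP IDs:", [r["ip_id"] for r in recs])
```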
Current thread:
- Port probes: 1680 UDP, 9393 TCP, and 4000 TCP Paul Gear (Jun 18)
- Re: Port probes: 1680 UDP, 9393 TCP, and 4000 TCP Phil Dyer (Jun 18)