Security Incidents mailing list archives
Re: Keep connecting to remote host on port 7869
From: Frank Cheong <fch () hktb com>
Date: 28 Oct 2002 01:37:10 -0000
In-Reply-To: <20021026093047.GA30704 () useful yi org>

After detailed investigation, I've found that it is really caused by the PHP debugger. All packets disappeared after I turned off the debugging feature of PHP. But what caused the PHP debugging to remotely send information out? Is it a sign of a hacker, or are there actually some bugs in the PHP programs? Coz I am running SquirrelMail on that mail server.
Date: Sat, 26 Oct 2002 09:30:47 +0000
From: Luis Bruno <lbruno () zbit pt>
To: incidents () securityfocus com
Subject: Re: Keep connecting to remote host on port 7869
Message-ID: <20021026093047.GA30704 () useful yi org>

Frank Cheong wrote:
> My redhat linux mail host keeps connecting to other remote host quite frequently on remote port 7869.
[snip]
> Below is the firewall log (IP address being modified) :
> 10/23/2002 11:13:36.640 - TCP connection dropped - Source:123.123.123.123, 51321, LAN - Destination:234.234.234.234, 7869, WAN - Type: 786 - Rule 66

If your firewall drops the connection thru a TCP RST, change it so that it silently drops the packets. This will make the linux box hang waiting for a timeout. Then execute:

netstat -tanp | grep <port>

on the linux box, where <port> is the source port you see in the Source: line on your firewall logs.

--------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
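The lookup suggested in the quoted reply, as an added example that is not part of the original thread: it extracts the source port from a firewall log line in the format shown above and matches it exactly against the local-port column of `netstat -tanp` output, so a PID or a longer port number containing the same digits cannot produce a false hit the way a bare `grep` can. The function names and the netstat sample (PIDs, program names) are constructed for illustration.

```shell
#!/bin/sh
# Firewall log line as quoted in the thread (addresses already altered by the poster).
FW_LOG='10/23/2002 11:13:36.640 - TCP connection dropped - Source:123.123.123.123, 51321, LAN - Destination:234.234.234.234, 7869, WAN - Type: 786 - Rule 66'

# Constructed sample of `netstat -tanp` output; PIDs and program names are made up.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      812/sendmail
tcp        0      1 123.123.123.123:51321   234.234.234.234:7869    SYN_SENT    1490/httpd
tcp        0      0 123.123.123.123:22      10.0.0.5:51321          ESTABLISHED 1333/sshd'

# Print the source port from a firewall log line in the format above.
fw_source_port() {
    printf '%s\n' "$1" | sed -n 's/.*Source:[0-9.]*, *\([0-9][0-9]*\),.*/\1/p'
}

# Read `netstat -tanp` output on stdin and print "PID/Program State" for every
# TCP socket whose LOCAL port equals $1. The remote-port column is ignored, so
# the sshd line above (remote port 51321) is not reported.
owner_of_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, a, ":")      # local address; the port is the last piece
            if (a[n] == port) print $7, $6
        }'
}

# Log line in $1, netstat output on stdin: print the owning process.
triage() {
    port=$(fw_source_port "$1")
    [ -n "$port" ] || { echo "no source port found in log line" >&2; return 1; }
    owner_of_port "$port"
}

# Offline run against the constructed sample.
printf '%s\n' "$NETSTAT_SAMPLE" | triage "$FW_LOG"
```

On a live host, pipe real output in instead: `netstat -tanp | triage "$line"`, run as root so the PID/Program column is populated for sockets owned by other users.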