Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Port 65535, again

From: hektor () RZ RWTH-AACHEN DE (Jens Hektor)
Date: Thu, 6 Apr 2000 08:03:03 -0000

Hi, 

we had this thread already in February but the answers
to this problem were a bit vague.

So another chance to clearify this: more than one month
later, same (and an other one) source machine(s), same
signature.

Apr  3 10:01:09 X.Y kernel: Packet log: input REJECT eth1
PROTO=6 209.1.224.16:65535 134.130.X.Y:65535 L=52 S=0x00
I=5405 F=0x0093 T=237 (#106) 
Apr  5 15:43:24 X.Y kernel: Packet log: input REJECT eth1
PROTO=6 192.115.221.125:65535 134.130.X.Y:65535 L=28 S=0x00
I=18772 F=0x00B8 T=50 (#106) 

In contrast to the older case, these packets do not come
very regular every 2 minutes, though sometimes there is an
exactly 2-minute time-distance.

The destination was exactly one machine (X.Y).

Bye, Jens


Feb 29 07:12:25 firepower kernel: Packet log: private1
DENY eth0 PROTO=6
192.115.221.125:65535 207.245.232.127:65535 L=28 S=0x00
I=15817 F=0x00B8 T=47
(#7)
Previous By Date Next
Previous By Thread Next

Current thread: