Security Incidents mailing list archives

Re: Port 65535, again


From: vventura () SIA PT (vventura () SIA PT)
Date: Tue, 11 Apr 2000 09:23:35 -0000


Hi,

there are at least two trojans that listen on that port,
probably someone is probing for those trojans.

Hi, 

we had this thread already in February but the answers
to this problem were a bit vague.

So another chance to clarify this: more than one month
later, same (and another one) source machine(s), same
signature.

Apr  3 10:01:09 X.Y kernel: Packet log: input REJECT eth1
PROTO=6 209.1.224.16:65535 134.130.X.Y:65535 L=52 S=0x00
I=5405 F=0x0093 T=237 (#106) 
Apr  5 15:43:24 X.Y kernel: Packet log: input REJECT eth1
PROTO=6 192.115.221.125:65535 134.130.X.Y:65535 L=28 S=0x00
I=18772 F=0x00B8 T=50 (#106) 

In contrast to the older case, these packets do not come
very regularly every 2 minutes, though sometimes there is an
exactly 2-minute time-distance.

The destination was exactly one machine (X.Y).

Bye, Jens

> Feb 29 07:12:25 firepower kernel: Packet log: private1
> DENY eth0 PROTO=6
> 192.115.221.125:65535 207.245.232.127:65535 L=28 S=0x00
> I=15817 F=0x00B8 T=47
> (#7)

