Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

What is this (port 7626 tcp)?

From: Bruce Parkinson <bruce.parkinson () PAVTECH CO NZ>
Date: Tue, 22 Aug 2000 09:04:48 +1200
Hi,

I've checked several trojan port lists, without success.  Any thoughts?

Aug 21 04:54:27 gw ipmon[28005]: 04:54:27.299473             tun0 @0:34 b
202.11
0.40.45,2097 -> 203.96.193.75,7626 PR tcp len 20 48 -S
Aug 21 04:54:30 gw ipmon[28005]: 04:54:30.263861             tun0 @0:34 b
202.11
0.40.45,2097 -> 203.96.193.75,7626 PR tcp len 20 48 -S
Aug 21 04:54:36 gw ipmon[28005]: 04:54:36.245459             tun0 @0:34 b
202.11
0.40.45,2097 -> 203.96.193.75,7626 PR tcp len 20 48 -S
Aug 21 04:54:48 gw ipmon[28005]: 04:54:48.177990             tun0 @0:34 b
202.11
0.40.45,2097 -> 203.96.193.75,7626 PR tcp len 20 48 -S

Logs are from a fully patched OpenBSD 2.6 box.  Only ports available from
the outside are http and ssh.

Thanks,
Bruce

-------------------------------------------------------
Bruce Parkinson           Phone   +64 7 838-2010
Systems Administrator     Fax     +64 7 838-0977
PavTech NZ Ltd &          Mobile  +64 25 545-142
Wave Internet             bruce.parkinson () pavtech co nz
PO Box 935, WMC
Hamilton                  http://www.pavtech.co.nz/
NEW ZEALAND               http://www.wave.co.nz/
Previous By Date Next
Previous By Thread Next

Current thread: