Security Incidents mailing list archives
port 65535 and protocol 171 !?
From: j_bauer () GMX NET (Jürgen Bauer)
Date: Mon, 5 Jun 2000 17:17:54 +0200
hi folks,

in this mailing list i read a lot about portscans. what i am searching for is a site with info about recent scan-incidents. i have weird things in my log every day.

today i had this in my logs and i am wondering what protocol 171 is??? and on the other hand: is port 65535 a special port in some way???

kernel: Packet log: input - eth0 PROTO=171 216.49.10.227:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.237:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.211:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.236:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.211:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.237:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.236:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.237:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.237:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.236:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.237:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.236:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.237:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.211:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.236:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.237:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)
kernel: Packet log: input - eth0 PROTO=171 216.49.10.211:65535 62.xxx.xxx.xxx:65535 L=44 S=0x00 I=0 F=0x0000 T=235 (#82)

did anyone see something similar and can tell me what this is about?

ok, enough questions,
thanx, juergen