Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Curious packets to port 48

From: aedron <aedron () DAEWERK NET>
Date: Mon, 1 Jan 2001 23:15:27 -0600
Something interesting popped up in the logs this weekend:

Dec 31 05:12:12 xyzzy kernel: Packet log: input DENY eth0 PROTO=TCP
24.91.65.96:1355 xxx.xxx.xxx.xxx:48 L=48:28:0 S=0x00 I=12916:120828959:0
F=0x0040 T=110 .S.... (#26)
Dec 31 05:12:15 xyzzy kernel: Packet log: input DENY eth0 PROTO=TCP
24.91.65.96:1355 xxx.xxx.xxx.xxx:48 L=48:28:0 S=0x00 I=38772:120828959:0
F=0x0040 T=110 .S.... (#26)

Can't recall ever having seen an attempt to connect to 48 on this
machine before.  Is there a (new) auditd exploit out there?

Just curious,
Aedron
Previous By Date Next
Previous By Thread Next

Current thread: