Security Incidents mailing list archives
Curious packets to port 48
From: aedron <aedron () DAEWERK NET>
Date: Mon, 1 Jan 2001 23:15:27 -0600
Something interesting popped up in the logs this weekend: Dec 31 05:12:12 xyzzy kernel: Packet log: input DENY eth0 PROTO=TCP 24.91.65.96:1355 xxx.xxx.xxx.xxx:48 L=48:28:0 S=0x00 I=12916:120828959:0 F=0x0040 T=110 .S.... (#26) Dec 31 05:12:15 xyzzy kernel: Packet log: input DENY eth0 PROTO=TCP 24.91.65.96:1355 xxx.xxx.xxx.xxx:48 L=48:28:0 S=0x00 I=38772:120828959:0 F=0x0040 T=110 .S.... (#26) Can't recall ever having seen an attempt to connect to 48 on this machine before. Is there a (new) auditd exploit out there? Just curious, Aedron
Current thread:
- Curious packets to port 48 aedron (Jan 01)