Security Incidents mailing list archives
port 32814
From: Brian Collins <bcollins () newnanutilities org>
Date: Sat, 22 Jun 2002 12:10:04 -0400
I see a lot of incoming requests for port 32814, generally UDP with a source port of 50, 51, sometimes 65. Not much turns up in web searches on this port and Neohapsis doesn't have a reported use for this port. Does anyone else get anything like these? I'm running a tcpdump get payloads and will post those if you'd like.
Jun 22 11:58:17 kernel: EndDropI:IN=eth0 OUT= MAC=00:e0:81:04:a9:40:00:00:d1:ef:01:ad:08:00 SRC=152.163.159.225 DST=x LEN=157 TOS=0x00 PREC=0x00 TTL=51 ID=54945 PROTO=UDP SPT=50 DPT=32814 LEN=137 Jun 22 11:58:17 kernel: EndDropI:IN=eth0 OUT= MAC=00:e0:81:04:a9:40:00:00:d1:ef:01:ad:08:00 SRC=152.163.159.225 DST=x LEN=164 TOS=0x00 PREC=0x00 TTL=51 ID=54946 PROTO=UDP SPT=50 DPT=32814 LEN=144 Jun 22 11:58:19 kernel: EndDropI:IN=eth0 OUT= MAC=00:e0:81:04:a9:40:00:00:d1:ef:01:ad:08:00 SRC=205.188.157.227 DST=x LEN=157 TOS=0x00 PREC=0x00 TTL=51 ID=41601 PROTO=UDP SPT=51 DPT=32814 LEN=137
Thanks, Brian Collins Systems Administrator Newnan Utilities bcollins () newnanutilities org 770 683 5516 x264 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- port 32814 Brian Collins (Jun 22)
- Re: SQL port probe repeats Harlan S. Barney, Jr. (Jun 22)
- Re: SQL port probe repeats David Barnett (Jun 23)
- Re: SQL port probe repeats Harlan S. Barney, Jr. (Jun 22)