Security Incidents mailing list archives

Re: Keep connecting to remote host on port 7869


From: Luis Bruno <lbruno () zbit pt>
Date: Sat, 26 Oct 2002 09:30:47 +0000

Frank Cheong wrote:
My redhat linux mail host keeps connecting to other remote host quite
frequently on remote port 7869.
[snip]
Below is the firewall log (IP address being modified) :

10/23/2002 11:13:36.640 -     TCP connection dropped -     
Source:123.123.123.123, 51321, LAN -     
Destination:234.234.234.234, 7869, WAN -     Type: 786 -
     Rule 66

If your firewall drops the connection through a TCP RST, change it so that
it silently drops the packets. This will make the Linux box hang waiting
for a timeout.

Then execute:

        netstat -tanp | grep <port>

on the Linux box, where <port> is the source port you see in the Source:
line on your firewall logs.
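
The lookup described above, as an added example that is not part of the original message: a plain `grep <port>` also matches that number when it appears as a remote port, inside a longer port number or in a PID, so this sketch matches only the local-address column. The sample `netstat` output, the process name `exampled` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tanp` output (not taken from the thread).
# The second socket is the outbound attempt left waiting in SYN_SENT because
# the firewall drops the packets silently instead of answering with a RST.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      612/sendmail: accep
tcp        0      1 123.123.123.123:51321   234.234.234.234:7869    SYN_SENT    4242/exampled
tcp        0      0 123.123.123.123:22      10.0.0.5:51321          ESTABLISHED 733/sshd
tcp        0      0 123.123.123.123:15132   10.0.0.9:513            TIME_WAIT   -
EOF
}

# find_owner PORT: read `netstat -tanp` output on stdin and print
# "STATE PID/Program" for every TCP socket whose LOCAL port equals PORT.
find_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, a, ":")      # local address; the port is the last piece
            if (a[n] != port) next     # ignore remote-port and substring matches
            owner = $7                 # PID/Program name may contain spaces
            for (i = 8; i <= NF; i++) owner = owner " " $i
            print $6, owner
        }'
}

# Run against the constructed sample; on the real host use:
#   netstat -tanp | find_owner <port>
sample_netstat | find_owner 51321
```

Run `netstat -tanp` as root on the real host, otherwise the PID/Program column shows `-` for sockets owned by other users.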
