RE: funny packets

From: Christian S. (cschreiber@netrail.net)
Date: 03/28/01

• Next message: mike: "Re: named dying on INSIST"
• Previous message: Peter Radcliffe: "Re: SSHD revelaing too much information."
• In reply to: Andre Goeree: "funny packets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Christian S." <cschreiber@netrail.net>
To: <abgoeree@uwnet.nl>, <freebsd-security@freebsd.org>
Date: Tue, 27 Mar 2001 17:34:57 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paris.

http://www.ripe.net/cgi-bin/whois?query=195.25.44.186&.submit=Submit+Q
uery

That should give you all the information that you need. :) Port
numbers are strange - all non-priv ports, IIRC..

Regards,
Christian

"...we have only twice as many genes as a fruit fly, or roughly the
same number as an ear of corn, about 30,000."
Ergo, we are all corn.

- -----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Andre Goeree
Sent: Tuesday, March 27, 2001 5:29 PM
To: freebsd-security@freebsd.org
Subject: funny packets

Hello,

While CVSuppin' ports i caught some strange packets:

Mar 27 23:29:38 mandark /kernel: ipfw: 3900 Deny TCP
195.25.44.186:4828 213.227.128.244:4662 in via tun0
Mar 27 23:29:38 mandark /kernel: ipfw: 3900 Deny TCP
195.25.44.186:4828 213.227.128.244:4662 in via tun0
Mar 27 23:35:38 mandark /kernel: ipfw: 3900 Deny TCP
195.25.44.186:1075 213.227.128.244:4662 in via tun0
Mar 27 23:35:38 mandark /kernel: ipfw: 3900 Deny TCP
195.25.44.186:1075 213.227.128.244:4662 in via tun0

Notice the time between the messages, exactly 6 min.
195.25.44.186 was/is not resolvable.
Any ideas?

- --Andre.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOsEVcikK9qTvGvteEQLnygCgtntt2ei6x8Ps9pdH2O/dIthdfc4AoJPd
mWt+dQ2b8h9hp+SMAzZCkBwe
=HLfU
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: mike: "Re: named dying on INSIST"
• Previous message: Peter Radcliffe: "Re: SSHD revelaing too much information."
• In reply to: Andre Goeree: "funny packets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: some weird stuff found ... > In the last few days I started noticing strange things. ... FreeBSD machines. ... to see what is bound to those ports. ... I am running xdm but I only allowed connections from ... (FreeBSD-Security) Re: PING--> David H Lipman. ... > | Hello David. ... > NameServer: DNS01.SAVVIS.NET ... That is strange indeed! ... some of the ports is the same ports that MyNetwatchman is listen to, ... (microsoft.public.security.virus) Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second ... I have a strange problem, ... I scanned localhost TCP ports with nmap and I saw that ... I found out that by default nmap doesn't scan every ... there were 2) ports which were reported by nmap as ... (Incidents) Re: BUG: Unusual TCP Connect() results. ... > kernels do not return the same strange results. ... > strangely ports which are NOT open are being reported as open. ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-03