tcp 17888

From: David Vestal (dk_vestal_at_seznam.cz)
Date: 10/08/03

  • Next message: Harlan Carvey: "Re: tcp 17888"
    To: incidents@securityfocus.com
    Date: 07 Oct 2003 19:56:30 -0500
    
    

    While monitoring my firewall I noticed a lot of incoming tcp packets to
    port 17888. All were dropped, so there has been no damage or intrusion.
    I fired up tcpdump and let it catch all the packets for 2 hours and
    using ethereal I found 11105 packets from approx. 30 different sources.
    All packets had the SYN flag and most of the time there were 3 packets
    from the same source port. Many of the source ip's had attempts from
    numerous different ports. Google returned information on "netlet" when
    queried for "tcp 17888". I am not familiar with netlet, it seems to me
    to be some type of rpc.

    Since it seems to be rpc my guess is someone looking for another machine
    to own. I am on an aDSL connection and after the 2 hours of logging with
    tcpdump I shut down the connection and restarted it after 15 minutes and
    have so far not had this scanning again.

    I was wondering if anyone would know what this might be. If anymore
    information is necessary just let me know. Thanks.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Harlan Carvey: "Re: tcp 17888"