List: ipchains-list
Subject: RE: 370 & 371/udp /answer to the $64K question
From: Clyde Parliament <clyde.parliament () flexserv ! com>
Date: 2001-02-16 14:16:00
I finally determined the culprit: DataLifeLine
http://www.westerndigital.com/products/drives/lifeline.html
from WD. I thought I was downloading tools; I see now that I did not! I
checked TaskMangler and found it running and put 2 + 2 together. ipchains
saves the day again!
===== Original Message from John Sage <jsage@finchhaven.com> at 2/15/01 10:40 pm
>Clyde:
>
>http://www.snort.org/Database/portsearch.asp
>
>offers a good source for checking port usage.
>
>For 370 it returns:
>
>370 udp codaauth2
>370 tcp codaauth2
>
>and for 371:
>
>371 udp Clearcase
>371 tcp Clearcase
>
>I have no idea what these are, but if these ports were involved in
>(known) exploits, the name of the exploit is returned, like this:
>
>23 tcp ODD Packet - Utlors Telnet Trojan
>
>HTH..
>
>- John
>
>--
>John Sage
>FinchHaven, Vashon Island, WA, USA
>http://www.finchhaven.com/
>mailto:jsage@finchhaven.com
>And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"
>
>Clyde Parliament wrote:
>>
>> Has anyone seen an exploit using these ports? I finally configured my
>> firewall to remote log to a central server, and while checking out my
>> handiwork, I noticed several DENY entries in the wee hours of the morning.
>> I was surprised for several reasons: who they were going to, and, that they
>> came from my personal workstation. I did do a reverse lookup (obviously),
>> but I am going to refrain from revealing the entity they were directed to
>> until I find out more info.
>> Any help would be appreciated; I realize this might be off-topic, but I know
>> the powers-that-be spend a great deal of time analyzing firewall scripts
>> and log output.
>>
>> TIA
>>
>> Clyde L. Parliament
>> President
>> Flexserv Inc.
>> PMB-C225
>> 1498 Buford Hwy. N.E.
>> Sugar Hill, GA 30518
>>
>> Voice: 678-317-0261
>> Fax: 678-942-2950
>>
>> Email mailto:clyde.parliament@flexserv.com
>> Web: http://www.flexserv.com
Clyde L. Parliament
President
Flexserv Inc.
PMB-C225
1498 Buford Hwy. N.E.
Sugar Hill, GA 30518
Voice: 678-317-0261
Fax: 678-942-2950
Email mailto:clyde.parliament@flexserv.com
Web: http://www.flexserv.com
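
Added example (not part of the original messages): one way to pull the kind of entries discussed in this thread out of a central ipchains log, namely DENY/REJECT packets whose source is an internal host. The line layout follows the "Packet log:" format documented in the IPCHAINS-HOWTO; the LAN range, host name, interface names and all addresses in the sample are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Layout of an "ipchains -l" kernel log entry (per the IPCHAINS-HOWTO):
# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> L=.. S=.. ...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
INTERNAL = ip_network("192.168.1.0/24")  # assumed LAN range, adjust to your network

# Constructed sample log; hosts and addresses are illustrative only.
SAMPLE_LOG = """\
Feb 15 03:12:41 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:1031 203.0.113.7:370 L=60 S=0x00 I=4211 F=0x0000 T=127 (#9)
Feb 15 03:12:44 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:1031 203.0.113.7:370 L=60 S=0x00 I=4212 F=0x0000 T=127 (#9)
Feb 15 03:12:50 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:1032 203.0.113.7:371 L=60 S=0x00 I=4213 F=0x0000 T=127 (#9)
Feb 15 03:14:02 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.9:4021 192.168.1.20:23 L=44 S=0x00 I=901 F=0x0000 T=52 (#3)
Feb 15 03:14:30 fw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.20:1040 203.0.113.80:80 L=44 S=0x00 I=4220 F=0x4000 T=127 (#5)
Feb 15 03:15:00 fw syslogd 1.3-3: restart.
"""


def denied_from_internal(lines, internal=INTERNAL):
    """Count blocked packets that originated inside `internal`.

    Returns a Counter keyed by (src, dst, protocol, destination port).
    """
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["action"] not in ("DENY", "REJECT"):
            continue  # not a packet log entry, or the packet was allowed
        if ip_address(m["src"]) not in internal:
            continue  # blocked inbound traffic from outside, not our concern here
        proto = PROTO_NAMES.get(int(m["proto"]), m["proto"])
        hits[(m["src"], m["dst"], proto, int(m["dport"]))] += 1
    return hits


if __name__ == "__main__":
    report = denied_from_internal(SAMPLE_LOG.splitlines())
    for (src, dst, proto, dport), n in report.most_common():
        print(f"{n:3d}  {src} -> {dst}  {dport}/{proto}")
```

Each reported source is a machine on the LAN that tried to send traffic the firewall policy does not allow, which is the starting point for checking that host's running processes.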