Lo, on Tuesday, October 9, Sean Kelleher did write: > Hi folks, > > I've got errors that are continually popping up to STDERR about a > packet being rejected by my firewall, bound for port 65535. this > behaviour itself is normal -- my firewall should reject this packet -- > but i'd like to know what service this packet hopes to reach. i've > checked the relevant files (AFAIK -- /etc/services, /etc/inetd.conf), > but don't see anything that applies. > > anyone know where i could look to find out which service this is?
http://www.snort.org/ has a database of this sort of information, searchable by port number. (Bottom of the left column.) For 65535, it says: Port 65535 / tcp Keyword RC1trojan Description [trojan] RC1 trojan for what that's worth to you. IIRC, ports in the high end of the range are also used by Linux for IP masquerading. I seem to recall hearing about a hole in this system that could be exploited, although I don't remember any details. (I do know that it was patched quite some time ago; 2.4 and recent 2.2 kernels aren't vulnerable.) Richard