TCP 12345 is the port netbus uses. So it's probably a good thing that you
have that host blocked.
> I had been warned on this list some months back
> to pay attenttion to attempted TCP connections
> from "unknown individuals"
>
> This morning I had:
>
> Dec 22 01:08:12 home portsentry[812]: attackalert: Connect from host:
> 1Cust163.tnt1.anchorage.ak.da.uu.net/63.28.217.163 to TCP port: 12345
> Dec 22 01:08:12 home portsentry[812]: attackalert: Host 63.28.217.163
> has been blocked via wrappers with string: "ALL: 63.28.217.163"
> Dec 22 01:08:12 home portsentry[812]: attackalert: Host 63.28.217.163
> has been blocked via dropped route using command: "/sbin/route add -host
> 63.28.217.163 gw 333.444.555.666"
>
> Okay I looked up in /etc/services and can not find that
> port listed?
>
> While I'm at it does this one make any sense to anyone?
> Dec 21 22:11:05 home routed[440]: packet from unknown router,
> 198.70.230.33
> Dec 21 22:11:36 home routed[440]: packet from unknown router,
> 198.70.230.33
>
> This has been going on for some time now. I have asked my
> ISP about it but after two weeks and several emails I am
> about to the "shrug my shoulders stage"
>
--
John Duquette |
Security Analyst | "It is harder to preserve than to
Network Security Lab | obtain liberty"
ICSA.net |
717/241-3404 | - John C. Calhoun
http://www.icsa.net |
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
