Higher up ports like that are usually dynamically assigned for two-way connections, for instance, when I run BitchX and connect to openprojects.net #Debian, I get one or two connections back to my machine. You can use netstat to determine which program is currently listening on a given port.

When I connect to an IRC server the connection going out on that machine is 6667, but the returning connection, which is for data coming back I suppose, is on a different high numbered port. Perhaps UDP?

Hope this helps. Check the netstat manpage.
D

-----Original Message-----
From: Javier Fernández-Sanguino Peña [mailto:[EMAIL PROTECTED]
Sent: Monday, August 05, 2002 5:51 AM
To: Arne Schwabe
Cc: debian-security@lists.debian.org
Subject: Re: port 12980/udp

On Sat, Aug 03, 2002 at 11:00:36PM +0200, Arne Schwabe wrote:
> Hi,
>
> today I saw a lot of connection attempts to port 12980 on my
> machine. Because there are many[1] and they came from different hosts I
> am wondering what is going on here.
>
> Arne
>
> [1]
> [EMAIL PROTECTED]/var/log$ grep "Aug 3" kern.log | grep 12980 | wc -l
> 628
>

These questions are starting to become somewhat of a FAQ. My answer is, if you do not know what port is related to an attack you are receiving it might be worth checking:

- To see which ports are actively being probed/attacked: http://isc.incidents.org/ or http://www.dshield.org/ (https://analyzer.securityfocus.com/ seems to have had this info previously but does not seem to make it public anymore).
  More specifically: http://isc.incidents.org/top10.html
- To see what service might be associated to a given port check http://www.portsdb.org/

Unfortunately a search in any of these regarding 12980 didn't return a thing so you might want to report it to ISC.

Regards

Javi
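Added example, not part of the original thread: a per-source breakdown of the probes to one destination port, matching the destination port and protocol fields rather than any occurrence of the number. It assumes netfilter LOG-style kernel lines with `SRC=`, `PROTO=` and `DPT=` fields (the thread does not show the log format); the sample lines, addresses and function names are constructed.

```shell
#!/bin/sh
# Constructed sample lines in netfilter LOG style (assumed format, documentation addresses).
sample_log() {
cat <<'EOF'
Aug  3 22:41:07 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 PROTO=UDP SPT=4021 DPT=12980 LEN=28
Aug  3 22:41:09 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 PROTO=UDP SPT=4022 DPT=12980 LEN=28
Aug  3 22:42:30 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=198.51.100.5 LEN=48 PROTO=UDP SPT=1030 DPT=12980 LEN=28
Aug  3 22:43:02 host kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=3311 DPT=12980 SYN
Aug  3 22:43:40 host kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=48 PROTO=UDP SPT=12980 DPT=53 LEN=28
Aug  3 22:44:11 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 PROTO=UDP SPT=4023 DPT=12980 LEN=28
EOF
}

# per_source PORT PROTO: read log lines on stdin and print "<count> <source>"
# for packets whose destination port and protocol match, busiest source first.
per_source() {
    awk -v port="$1" -v proto="$2" '
    {
        src = ""; dpt = ""; p = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            if ($i ~ /^PROTO=/) p   = substr($i, 7)
        }
        # A line that only carries the number as SPT=, or uses another protocol, is skipped.
        if (src != "" && dpt == port && p == proto) seen[src]++
    }
    END { for (s in seen) print seen[s], s }' | sort -k1,1nr -k2,2
}

# port_summary PORT PROTO: one line with total matching packets and distinct sources.
port_summary() {
    per_source "$1" "$2" |
        awk '{ hits += $1 } END { printf "hits=%d sources=%d\n", hits, NR }'
}

sample_log | port_summary 12980 UDP
sample_log | per_source 12980 UDP
```

Against a real log, replace `sample_log |` with a redirect from the log file, for example `per_source 12980 UDP < /var/log/kern.log`.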