RE: port 12980/udp
Higher up ports like that are usually dynamically assigned for two-way connections, for instance, when I run bitchX and connect to openprojects.net #Debian, I get one or two connections back to my machine. You can use netstat to determine which program is currently listening on a given port. When I connect to an IRC server the connection going out on that machine is 6667, but the returning connection, which is for data coming back I suppose, is on a different high numbered port. Perhaps UDP?

Hope this helps. Check the netstat manpage

D

-Original Message-
From: Javier Fernández-Sanguino Peña [mailto:[EMAIL PROTECTED]
Sent: Monday, August 05, 2002 5:51 AM
To: Arne Schwabe
Cc: debian-security@lists.debian.org
Subject: Re: port 12980/udp

On Sat, Aug 03, 2002 at 11:00:36PM +0200, Arne Schwabe wrote:
> Hi,
>
> Today I saw a lot of connection attempts to port 12980 on my
> machine. Because there are many[1] and they came from different hosts I
> am wondering what is going on here.
>
> Arne
>
> [1]
> [EMAIL PROTECTED]/var/log$ grep "Aug 3" kern.log | grep 12980 | wc -l
> 628
>

These questions are starting to become somewhat of a FAQ. My answer is, if you do not know what port is related to an attack you are receiving it might be worth checking:

- To see which ports are actively being probed/attacked: http://isc.incidents.org/ or http://www.dshield.org/ (https://analyzer.securityfocus.com/ seems to have had this info previously but does not seem to make it public anymore). More specifically: http://isc.incidents.org/top10.html

- To see what service might be associated with a given port check http://www.portsdb.org/

Unfortunately a search in any of these regarding 12980 didn't return a thing so you might want to report it to ISC.

Regards

Javi
Re: port 12980/udp
On Sat, Aug 03, 2002 at 11:00:36PM +0200, Arne Schwabe wrote:
> Hi,
>
> Today I saw a lot of connection attempts to port 12980 on my
> machine. Because there are many[1] and they came from different hosts I
> am wondering what is going on here.
>
> Arne
>
> [1]
> [EMAIL PROTECTED]/var/log$ grep "Aug 3" kern.log | grep 12980 | wc -l
> 628
>

These questions are starting to become somewhat of a FAQ. My answer is, if you do not know what port is related to an attack you are receiving it might be worth checking:

- To see which ports are actively being probed/attacked: http://isc.incidents.org/ or http://www.dshield.org/ (https://analyzer.securityfocus.com/ seems to have had this info previously but does not seem to make it public anymore). More specifically: http://isc.incidents.org/top10.html

- To see what service might be associated with a given port check http://www.portsdb.org/

Unfortunately a search in any of these regarding 12980 didn't return a thing so you might want to report it to ISC.

Regards

Javi
port 12980/udp
Hi,

Today I saw a lot of connection attempts to port 12980 on my machine. Because there are many[1] and they came from different hosts I am wondering what is going on here.

Arne

[1]
[EMAIL PROTECTED]/var/log$ grep "Aug 3" kern.log | grep 12980 | wc -l
628

Aug 3 22:55:12 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=213.73.130.155 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=120 ID=275 PROTO=UDP SPT=7051 DPT=12980 LEN=27
Aug 3 22:55:34 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=62.254.52.36 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=53 ID=55307 PROTO=UDP SPT=4229 DPT=12980 LEN=27
Aug 3 22:55:52 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=217.225.196.178 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=123 ID=34911 PROTO=UDP SPT=36249 DPT=12980 LEN=27
Aug 3 22:56:24 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=217.32.112.176 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=115 ID=4314 PROTO=UDP SPT=10128 DPT=12980 LEN=27
Aug 3 22:56:34 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=210.55.27.226 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=107 ID=58687 PROTO=UDP SPT=7019 DPT=12980 LEN=27
Aug 3 22:56:57 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=62.254.52.36 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=53 ID=61300 PROTO=UDP SPT=4229 DPT=12980 LEN=27
Aug 3 22:57:15 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=62.254.52.36 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=53 ID=62617 PROTO=UDP SPT=4229 DPT=12980 LEN=27
Aug 3 22:57:35 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=62.4.20.123 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=117 ID=23947 PROTO=UDP SPT=7396 DPT=12980 LEN=27
Aug 3 22:57:49 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=217.82.151.103 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=123 ID=56810 PROTO=UDP SPT=4661 DPT=12980 LEN=27
Aug 3 22:58:12 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=62.254.52.36 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=53 ID=64281 PROTO=UDP SPT=4229 DPT=12980 LEN=27
Aug 3 22:58:28 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=212.186.151.130 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=114 ID=41198 PROTO=UDP SPT=5967 DPT=12980 LEN=27
Aug 3 22:58:48 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=217.228.174.45 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=123 ID=25339 PROTO=UDP SPT=64982 DPT=12980 LEN=27
Aug 3 22:59:18 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=217.157.176.206 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=118 ID=60022 PROTO=UDP SPT=18250 DPT=12980 LEN=27
Aug 3 22:59:28 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=195.38.100.17 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=116 ID=23627 PROTO=UDP SPT=12507 DPT=12980 LEN=27
Aug 3 22:59:47 r2d2 kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=217.81.191.181 DST=217.229.136.79 LEN=47 TOS=0x00 PREC=0x00 TTL=124 ID=65482 PROTO=UDP SPT=3446 DPT=12980 LEN=27
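
The grep | wc -l count in the original post gives only a total. As an added example (not part of the original thread), the Python below parses netfilter LOG lines in the format quoted above and breaks the hits on one destination port down by source, repeated source socket and UDP length. The sample lines, the host name fw and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG format quoted in the post
# (documentation-range addresses; not the poster's data).
SAMPLE = """\
Aug 3 22:55:12 fw kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=120 ID=275 PROTO=UDP SPT=7051 DPT=12980 LEN=27
Aug 3 22:55:34 fw kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=53 ID=55307 PROTO=UDP SPT=4229 DPT=12980 LEN=27
Aug 3 22:55:52 fw kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=192.0.2.77 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=123 ID=34911 PROTO=UDP SPT=36249 DPT=12980 LEN=27
Aug 3 22:56:57 fw kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=53 ID=61300 PROTO=UDP SPT=4229 DPT=12980 LEN=27
Aug 3 22:57:00 fw kernel: device ppp0 entered promiscuous mode
Aug 3 22:57:15 fw kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=47 TOS=0x00 PREC=0x00 TTL=53 ID=62617 PROTO=UDP SPT=4229 DPT=12980 LEN=27
Aug 3 22:57:40 fw kernel: Sonstiges:IN=ppp0 OUT= MAC= SRC=192.0.2.99 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=9001 PROTO=UDP SPT=1044 DPT=137 LEN=58
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Split one netfilter LOG line into its KEY=value fields (None if not one)."""
    _, sep, rest = line.partition("kernel:")
    if not sep:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        # LEN occurs twice: IP total length first, then the UDP length.
        fields["UDPLEN" if key == "LEN" and key in fields else key] = value
    return fields if {"SRC", "PROTO", "DPT"} <= fields.keys() else None

def summarize(log_text, proto="UDP", dport=12980):
    """Summarise logged packets to proto/dport by source, socket and size."""
    hits = [f for f in map(parse_line, log_text.splitlines())
            if f and f["PROTO"] == proto and f["DPT"] == str(dport)]
    sources = Counter(f["SRC"] for f in hits)
    sockets = Counter((f["SRC"], f.get("SPT")) for f in hits)
    return {
        "packets": len(hits),
        "distinct_sources": len(sources),
        "top_sources": sources.most_common(3),
        # Same source address and port more than once: one remote socket resending.
        "repeat_sockets": {k: n for k, n in sockets.items() if n > 1},
        "udp_lengths": sorted({f.get("UDPLEN") for f in hits} - {None}),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

To run it over a real log, pass the contents of kern.log to summarize() instead of SAMPLE.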