Hey, Although the source ports are GENERALLY selected by random it is possible to specify the source port. You should look for who is spawing the process creating this connection....has it only happened once or is it happening more than once? If it has happened more than once you should try logging all process commands for a small duration. It is pretty high on resources and you will loose a significant amount of space though it is very worth while. >From memory lastcomm is a good choice?
Iain McAleer ----- Original Message ----- From: "AFE" <[EMAIL PROTECTED]> To: "Jim Meier" <[EMAIL PROTECTED]>; "Matthew Cline" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, December 07, 2001 9:05 AM Subject: Re: Outgoing connection to port 6000 from port 25... > Hi > User level client applications (i think) are not allowed to use ports lower > than 1024. > So you may have some reason to think so... > > Regards > > ----- Original Message ----- > From: "Jim Meier" <[EMAIL PROTECTED]> > To: "Matthew Cline" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: 06 December 2001, Thursday 10:38 > Subject: Re: Outgoing connection to port 6000 from port 25... > > > > On Tue, 2001-12-04 at 04:45, Matthew Cline wrote: > > > I have my firewall setup to stop and log attempts to connect to external > X > > > servers, and this caught three attempts (all in the same second) to > connect > > > to destination port 6000, from a source port of 25 (SMTP). I don't > think > > > that my qmail server would attempt to make such a connection. Have I > been > > > rooted? > > > > > > > Source ports do not map the destination ports - they are selected at > > random from any available. There is no reason think you've been hacked, > > on this evidence. > > > > Do your logs show the originating ip? > > > > -Jim > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com >
