[ale] Port Numbers
Robert Heaven
robertheaven at mediaone.net
Sat Mar 24 15:19:40 EST 2001
My firewall blocks ALL incoming SYN connections... What makes you think my
system is infected just because 30 or 40 other systems are trying to connect
to me on port number 27347?
----- Original Message -----
From: Jonathan Rickman <infosec at alltel.net>
To: ale at ale.org
To: <ale at ale.org>
Sent: Saturday, March 24, 2001 12:33 PM
Subject: Re: [ale] Port Numbers
> On Sat, 24 Mar 2001, Robert Heaven wrote:
>
> > I have my Linux firewall set up to block, and log, any incoming SYN
packets. The format of the log message is:
> >
> > "date, stuff, his_IP:port, my_IP:port, otherstuff"
> >
> > One of the favorite port numbers in the "my_IP:port" portion seems to be
27374. Is there some significance to this port number?
> >
> > -Robert
> >
>
> Looks like the ramen worm got ya. Head on over to
>
> http://www.chkrootkit.org/
>
> and get the latest version of chkrootkit. Once you've confirmed it's
> existance, go to http://www.sans.org/y2k/ramen.htm nd download the removal
> tool.
>
> Good luck...
>
> --
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net
>
>
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
body.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list