
ipchains log (62459 UDP port)



Hi,

I'd like to know to which service these packets belong. I got it from the ipchains kernel log on my machine:

Apr 11 12:43:10 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=93 S=0x00 I=8195 F=0x4000 T=240 (#12)
Apr 11 12:43:22 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=49 S=0x00 I=8196 F=0x4000 T=240 (#12)
Apr 11 12:44:08 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=49 S=0x00 I=65485 F=0x4000 T=240 (#12)
Apr 11 12:44:32 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=94 S=0x00 I=65486 F=0x4000 T=240 (#12)
Apr 11 12:44:38 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=94 S=0x00 I=65487 F=0x4000 T=240 (#12)
... and some more like these...

When I seek this port I get:
#nmap -sU -p 62459 -v localhost
WARNING:  -sU is now UDP scan -- for TCP FIN scan use -sF
Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host localhost (127.0.0.1) appears to be up ... good.
Initiating FIN,NULL, UDP, or Xmas stealth scan against localhost (127.0.0.1)
The UDP or stealth FIN/NULL/XMAS scan took 0 seconds to scan 1 ports.
No ports open for host localhost (127.0.0.1)
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

Looking up the other IP:
----
$ whois 205.188.153.99
America Online, Inc (NETBLK-AOL-DTC)
22080 Pacific Blvd
Sterling, VA 20166
US
----
I wasn't accessing any page from AOL at the time this log was written...

Is there anything unsafe in my system? Anything to worry about?

  Thanks in advance,

  Pedro


