
Re: logging with firehol



On Friday 28 May 2004 18:44, strawks wrote:
> 62.99.78.133 tries to connect on port 445 and 213.10.237 tries to
> connect on port 5554 and 9898.
>
> These connections are blocked by the firewall and that's why they are
> logged in syslog, but I don't know why you got this often.

Port 445: microsoft-ds - Win2k+ Server Message Block

Port 5554: sgi-esphttp - SGI ESP HTTP

Could be the Sasser worm: (quote from
http://seclists.org/lists/bugtraq/2004/May/0043.html)

It has been reported thru various channel that the Sasser Worm uses the
same port 5554/tcp as SGI Embedded Support Partner (ESP) web server,
which is enabled by default on current SGI IRIX and SGI Altix systems [...]

Port 9898: monkeycom - MonkeyCom (don't know what this could be, maybe a p2p program)

Greetings,

   Christian
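
An added example, not part of the original message: one way to tally the blocked connection attempts discussed in this thread per source address and destination port. It assumes the firewall logs through the kernel's netfilter LOG target (lines carrying `SRC=`, `PROTO=` and `DPT=` fields); the sample lines, addresses, log prefix and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports named in this thread, with the service labels given there.
WATCHED = {445: "microsoft-ds", 5554: "sgi-esphttp", 9898: "monkeycom"}

# Only these fields of a netfilter LOG line are needed.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample syslog lines (documentation addresses, made-up prefix).
SAMPLE = """\
May 28 18:40:01 fw kernel: IN-internet: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=3456 DPT=445 SYN
May 28 18:40:04 fw kernel: IN-internet: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=3456 DPT=445 SYN
May 28 18:41:10 fw kernel: IN-internet: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.10 PROTO=TCP SPT=1091 DPT=5554 SYN
May 28 18:41:11 fw kernel: IN-internet: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.10 PROTO=TCP SPT=1092 DPT=9898 SYN
May 28 18:41:13 fw kernel: IN-internet: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.10 PROTO=TCP SPT=1091 DPT=5554 SYN
May 28 18:42:00 fw kernel: IN-internet: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
May 28 18:42:30 fw kernel: IN-internet: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=2000 DPT=80 SYN
May 28 18:43:00 fw cron[812]: (root) CMD (run-parts /etc/cron.hourly)
"""


def summarize(lines):
    """Return {source: {port: count}} for logged TCP packets to watched ports."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        f = dict(FIELD.findall(line))
        # Skip non-firewall lines, ICMP (no DPT) and anything not TCP.
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if "SRC" in f and port in WATCHED:
            hits[f["SRC"]][port] += 1
    return {src: dict(ports) for src, ports in hits.items()}


def probed_5554(summary):
    """Sources that tried 5554/tcp, the port the quoted advisory ties to Sasser."""
    return sorted(src for src, ports in summary.items() if 5554 in ports)


if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines())
    for src, ports in sorted(result.items()):
        print(src, ", ".join(f"{p}/{WATCHED[p]} x{n}" for p, n in sorted(ports.items())))
    print("5554/tcp probes from:", probed_5554(result))
```

To run it over a real log, pass the open syslog file to `summarize()` in place of the sample lines.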


