Re: logging with firehol
On Friday 28 May 2004 18:44, strawks wrote:
> 62.99.78.133 tries to connect on port 445 and 213.10.237 tries to
> connect on port 5554 and 9898.
>
> These connections are blocked by the firewall and that's why they are
> logged in syslog, but I don't why you got this often.
Port 445: microsoft-ds - Win2k+ Server Message Block
Port 5554: sgi-esphttp - SGI ESP HTTP
Could be the sasser worm: (quote from
http://seclists.org/lists/bugtraq/2004/May/0043.html)
It has been reported thru various channel that the Sasser Worm uses the
same port 5554/tcp as SGI Embedded Support Partner (ESP) web server,
which is enabled by default on current SGI IRIX and SGI Altix systems [...]
Port 9898: monkeycom - MonkeyCom (don't know what this could be, maybe a p2p
program)
Greetings,
Christian
Reply to: