RE: port 12980/udp
Higher up ports like that are usually dynamically assigned for two-way
connections, for instance, when I run bitchX and connect to openprojects.net
#Debian, I get one or two connections back to my machine. You can use
netstat to determine which program is currently listening on a given port.
When I connect to an IRC server the connection going out on that machine is
6667, but the returning connection, which is for data coming back I suppose,
is on a different high numbered port. perhaps UDP? Hope this helps. Check
the netstat manpage
D
-----Original Message-----
From: Javier Fernández-Sanguino Peña [mailto:jfs@computer.org]
Sent: Monday, August 05, 2002 5:51 AM
To: Arne Schwabe
Cc: debian-security@lists.debian.org
Subject: Re: port 12980/udp
On Sat, Aug 03, 2002 at 11:00:36PM +0200, Arne Schwabe wrote:
> Hi,
>
> today i saw lot of connection attemps to port 12980 on my
> machine. Because that are many[1] and they came from different hosts i
> am wondering what is going on here.
>
> Arne
>
> [1]
> arne@r2d2/var/log$ grep "Aug 3" kern.log | grep 12980 | wc -l
> 628
>
This questions are starting to become somewhat of a FAQ.
My answer is, if you do not know what port is related to an attack you
are receiving it might be worth checking:
- To see which ports are actively being probed/attack:
http://isc.incidents.org/ or http://www.dshield.org/
(https://analyzer.securityfocus.com/ seems to have had this
info previously but does not seem to make it public
anymore). More specifically: http://isc.incidents.org/top10.html
- To see what service might be associated to a given port check
http://www.portsdb.org/
Unfortunately a search in any of these regarding 12980
didn't return a thing so you might want to report it to ISC.
Regards
Javi
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: