On Sat, May 19, 2001 at 10:14:42AM +0100, Karl E. Jorgensen wrote: > Recently, logcheck alerted me to the following in my logs (sorry > about the long lines): [...] > But I am at loss to what port 500/udp is? By the timings, > (starting 30 seconds after connecting to my ISP), it actually > looks like my ISP is trying to send those packets to me (the > source IP is the other endpoint of my ppp connection). > > Any ideas out there? Where I can I find an authoritative list of > port numbers?
I don't know what port 500 is, but I saw something similar in my logs: May 18 04:03:40 xenophobe kernel: Packet log: input DENY eth1 PROTO=17 193.15.225.97:63760 63.203.219.82:500 L=772 S=0x00 I=35765 F=0x0000 T=113 (#36) There were 6 attempts, spaced less than 15 seconds apart. There's most likely a new Windows back door that runs port 500, and people are scanning for it. -B -- Brandon High [EMAIL PROTECTED] No occifer, I'm not under the affluence of incohol.
