Steve Scrimpshire Posted March 5, 2003 Report Share Posted March 5, 2003 Saw this in my /varlog/messages today: Mar 5 12:33:33 omar kernel: auditIN=ppp0 OUT= MAC= SRC=211.62.212.253 DST=65.150.205.108 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=11883 DF PROTO=TCP SPT=1071 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 5 12:33:36 omar kernel: auditIN=ppp0 OUT= MAC= SRC=211.62.212.253 DST=65.150.205.108 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=11884 DF PROTO=TCP SPT=1071 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 5 12:33:42 omar kernel: auditIN=ppp0 OUT= MAC= SRC=211.62.212.253 DST=65.150.205.108 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=11885 DF PROTO=TCP SPT=1071 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 5 12:33:54 omar kernel: auditIN=ppp0 OUT= MAC= SRC=211.62.212.253 DST=65.150.205.108 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=11886 DF PROTO=TCP SPT=1071 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 I'm assuming it's someone trying to connect to my port 21 (ftp) from port 1071 (bsquare-voip, whatever that is) . How do I decipher this? Is this a successful connection? Note: I discovered that ProFTP was running, but port 21 shows up as stealth at grc.com. Quote Link to comment Share on other sites More sharing options...
Guest GorGor Posted March 6, 2003 Report Share Posted March 6, 2003 Steve I have no idea but while you are waiting for a better reply check out your firewall and known backdoors at www.pcflank.com Most people here agree that www.grc.com is biased towards windows hope this helps Quote Link to comment Share on other sites More sharing options...
Steve Scrimpshire Posted March 6, 2003 Author Report Share Posted March 6, 2003 Thanks...everything shows up as 'stealth' there, too. Bastille. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.