Re: Broadcasting on port 31337?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday 09 May 2005 14:27, Mike Klinke wrote:
> Broadcasting what? Â
>
> Run tcpdump/windump or a similar packet capture utility on your lan
> to capture the data. ÂJust because you have a PC, Linux or Win,
> that uses a particular ephemeral port for outgoing connections is
> not an indication of something wrong. ÂNormally a PC will increment
> it's port usage and wrap around at port 65535 and begin again so
> it's going to run past all ephemeral ports eventually.

It looks like my laptop was sending packets from 31337 to port 36949 on 
another machine.  The curious thing, though, is that the other machine is my 
server at home, which I check regularly for my e-mail.  The events were last 
Thursday, and it happened twice.

Nevertheless, our IT guy insists that my laptop has been compromised.  I've 
done chkrootkit on it and tightened down the firewall even more, but I can't 
find anything odd about it.  My logs show no activity on that port for that 
date, but I wouldn't expect to see any.

-- 
Richard S. Crawford
http://www.mossroot.com

Attachment: pgpreRsO5eMRn.pgp
Description: PGP signature


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux