Fw: [ale] Port Numbers
Robert Heaven
robertheaven at mediaone.net
Sat Mar 24 16:40:44 EST 2001
I am happy to announce that "chkrootkit" did NOT find any infections.
----- Original Message -----
From: Robert Heaven <robertheaven at mediaone.net>
To: ale at ale.org
To: Jonathan Rickman <infosec at alltel.net>; <ale at ale.org>
Sent: Saturday, March 24, 2001 3:19 PM
Subject: Re: [ale] Port Numbers
> My firewall blocks ALL incoming SYN connections... What makes you think my
> system is infected just because 30 or 40 other systems are trying to
connect
> to me on port number 27347?
>
>
> ----- Original Message -----
> From: Jonathan Rickman <infosec at alltel.net>
> To: <ale at ale.org>
> Sent: Saturday, March 24, 2001 12:33 PM
> Subject: Re: [ale] Port Numbers
>
>
> > On Sat, 24 Mar 2001, Robert Heaven wrote:
> >
> > > I have my Linux firewall set up to block, and log, any incoming SYN
> packets. The format of the log message is:
> > >
> > > "date, stuff, his_IP:port, my_IP:port, otherstuff"
> > >
> > > One of the favorite port numbers in the "my_IP:port" portion seems to
be
> 27374. Is there some significance to this port number?
> > >
> > > -Robert
> > >
> >
> > Looks like the ramen worm got ya. Head on over to
> >
> > http://www.chkrootkit.org/
> >
> > and get the latest version of chkrootkit. Once you've confirmed it's
> > existance, go to http://www.sans.org/y2k/ramen.htm nd download the
removal
> > tool.
> >
> > Good luck...
> >
> > --
> > Jonathan Rickman
> > X Corps Security
> > http://www.xcorps.net
> >
> >
> >
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
> body.
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
body.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list