[ale] watching traffic
Kevin Krumwiede
krum at smyrnacable.net
Tue Apr 16 00:02:06 EDT 2002
Try the Firewall Forensics FAQ:
http://www.robertgraham.com/pubs/firewall-seen.html
Also note that sometimes packets coming into high port numbers may
simply be leftover junk from an outgoing connection that your computer
has closed but which the other end still thinks is open. What kind of
packets are coming to these ports? Actual incoming connection attempts
will be TCP "SYN" packets.
Krum
On Mon, 2002-04-15 at 22:17, Cade Thacker wrote:
> Evening,
> I just installed the LogView software that come with my Linksys router. It
> is kinda neat seeing who is coming from where. But my question is that I
> am seeing some strange incoming attempts (suprise, suprise), but the port
> numbers do not seem familar. Does anyone know a good page that tells what
> ports crackers are know to use or look for?
>
> These have shown up just in the last 20 minutes.
>
> the nslookups are out to the right.
>
> 209.73.225.68 :7104
> 216.249.24.120 :1720
> 64.236.16.136 :4008 (i3.cnn.net)
> 65.197.236.51 :1245
> 152.163.226.70 :1950 (wads-r06b.blue.aol.com)
> 209.249.123.231:1249 (a209-249-123-231.deploy.akamaitechnologies.com)
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list