Broadcasting on port 31337?
Richard Crawford
rscrawford at mossroot.com
Mon May 9 21:53:04 UTC 2005
On Monday 09 May 2005 14:27, Mike Klinke wrote:
> Broadcasting what?
>
> Run tcpdump/windump or a similar packet capture utility on your lan
> to capture the data. Just because you have a PC, Linux or Win,
> that uses a particular ephemeral port for outgoing connections is
> not an indication of something wrong. Normally a PC will increment
> it's port usage and wrap around at port 65535 and begin again so
> it's going to run past all ephemeral ports eventually.
It looks like my laptop was sending packets from 31337 to port 36949 on
another machine. The curious thing, though, is that the other machine is my
server at home, which I check regularly for my e-mail. The events were last
Thursday, and it happened twice.
Nevertheless, our IT guy insists that my laptop has been compromised. I've
done chkrootkit on it and tightened down the firewall even more, but I can't
find anything odd about it. My logs show no activity on that port for that
date, but I wouldn't expect to see any.
--
Richard S. Crawford
http://www.mossroot.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050509/5c9ef38b/attachment-0001.sig>
More information about the fedora-list
mailing list