Hi Andreas, hi folks

Andreas Fiesser wrote:

. . .<snip>
Now I lately looked in the /var/log/messages and found masses of:
---------------------------------------------------------
Oct 24 06:30:54 februar kernel: Packet log: input DENY ppp0 PROTO=6 61.210.24.153:61479 217.80.104.240:6680 L=48 S=0x00 I=64130 F=0x4000 T=108 SYN (#77)

1) From /my/ mail of 29-aug-2001

   Hi all!

   Don't know if this has (ever) been told to the list -- apologies, if everyone knows, if not it may be helpful for _all_ queries to log entries.

   I've noticed the following link on another mailing-list (I'm subscribed to):

   http://www.echogent.com/cgi-bin/fwlog.pl

   *** ! simply put in (cut&paste) one of your log entries and get the result ! ***

   Didn't have (enough) time to verify if it's (really) resolving _all_ queries, but:
   a) all queries I've made, made sense in my cases and:
   b) I assume, they did a REALLY GOOD WORK (and are going on!!)!!

2) there are several sites, where you can search e.g. for Port 6680 (google is your friend -- hehe!) -- as it's in the range of the /registered/ ports [1024-49151] maybe it's a good point to start with the _normal_ use of the port??!! If the docs (IANA / RFC's) show it as /unassigned/ you can be sure(?) that there's no _/*normal*/_ use!

3) have a look at those websites, that have listed the 'known trojan-ports, ...' (again google is your friend!)

4) look at every Win-box ( netstat -a ; netstat -? gives a short explanation for the possible options), to find out /who/ is waiting for connections on that port!

5) search the archive of _this_ mailing-list if anyone else refers to that port

6) ...

7) ...

ok, ok maybe it's not what you've expected, but nevertheless HTH ;-)

--
best greetings from Solingen /GERMANY
Dieter Hürten