Mailinglist Archive: opensuse (1784 mails)

[jerrykreps@xxxxxxxxxxx (Jerry Kreps)]

From: Jerry Kreps <jerrykreps@xxxxxxxxxxx>
Date: Fri, 22 Dec 2000 21:11:41 -0600
Message-Id: <00122221114101.00862@JLKreps>
Subject: Re: [SLE] Is this TCP activity normal?



How about a wild guess:  W2K and it's various sublicense holders are reporting back every so often.
??
JLK

<p>On Friday 22 December 2000 20:48, Robert C. Paulsen Jr. wrote:
> Hello,
>
> I just ran tcpdump and noticed lots of activity that looks
> suspicious. Here is a small sample:
>
> ===================================================================
>================================================ 20:30:29.593736
> ns3.texas.net.domain > home.paulsen.org.clvm-cfg: 23921* 1/2/2 PTR
> fes-d004.icq.aol.com. (181) (DF) 20:30:29.594559
> home.paulsen.org.clvm-cfg > ns3.texas.net.domain: 23922+ PTR?
> 3.0.207.207.in-addr.arpa. (42) 20:30:29.665101 ns3.texas.net.domain
> > home.paulsen.org.clvm-cfg: 23922* 1/2/2 PTR ns3.texas.net. (158)
> (DF)
> ===================================================================
>================================================
>
> "home.paulsen.org" is my host. It is actually on a class-c
> network (192.168.0.1) connected to the Internet via a windows 2K
> system with a cable modem (roadrunner).
>
> I don't know what cvlm-cfg is, but this shows up several times
> every minute or so.  clvm-cfg is port number 1476.
>
> I also saw activity on several "nearby" ports:
> genie-lm        1453/tcp                        # Genie License
> Manager genie-lm        1453/udp                        # Genie
> License Manager interhdl_elmd   1454/tcp                        #
> interHDL License Manager interhdl_elmd   1454/udp                  
>      # interHDL License Manager esl-lm          1455/tcp           
>             # ESL License Manager esl-lm          1455/udp         
>               # ESL License Manager world-lm        1462/tcp       
>                 # World License Manager world-lm        1462/udp   
>                     # World License Manager msl_lmd        
> 1464/tcp                        # MSL License Manager msl_lmd      
>   1464/udp                        # MSL License Manager pipes      
>     1465/tcp                        # Pipes Platform pipes         
>  1465/udp                        # Pipes Platform 
> mfarlin@xxxxxxxxxxxxx csdmbase        1467/tcp                     
>   # CSDMBASE csdmbase        1467/udp                        #
> CSDMBASE aal-lm          1469/tcp                        # Active
> Analysis Limited License Manager aal-lm          1469/udp          
>              # Active Analysis Limited License Manager csdmbase    
>    1471/tcp                        # csdmbase csdmbase       
> 1471/udp                        # csdmbase csdm            1472/tcp
>                        # csdm
> csdm            1472/udp                        # csdm
> openmath        1473/tcp                        # OpenMath
> openmath        1473/udp                        # OpenMath
> telefinder      1474/tcp                        # Telefinder
> telefinder      1474/udp                        # Telefinder
> taligent-lm     1475/tcp                        # Taligent License
> Manager taligent-lm     1475/udp                        # Taligent
> Licen
>
> I saw all wthe above in tcpdump output, in sequential order.  There
> are a few gaps in the list, but that's only because I didn't make a
> complete record of what was happening. clvm-cfg is the next one on
> the list.
>
> Should I be worried about a port scan?


-- 
Scientific theories, according to Sir Karl Popper, can be "falsified," or proven wrong, by experiment. 
Unscientific theories -Marxist dialectical history and Freudian psychology were Popper's favorites- 
are formed in such a way that they cannot be falsified by data.