On Thursday 05 December 2002 00.51, Carlos E. R. wrote:
I use a modem connection, which usually lasts few minutes, and of course, on different IP numbers each time. However, these days I'm observing an unusual number of failed attempts to enter my PC (what for, I wonder?). Usually they go to port 137 (Netbios), some to ident, but recently I'm seeing attempts to port 5327 from different hosts.
What the h**k is port 5327 used for? It is not listed in /etc/services.
The only other instances I can find in a google search are also from people in Spain. They say it's their ISP that scans the port. Could that be true in your case also? Could it be that you all have the same ISP, and that you were issued some windows based software that listens on that port?! Just a thought. 193.152.43.8 belongs to Telefonica De Espana SAU, Red de servicios IP, Spain
Usually, the firewall reject them, but you can see in the log below it accepted some packets (although there was no response, according to iptraf), and that worries me a little. Why some times the firewall accepts them, and some times reject them? (that's the OT question O:-) by the way)
Do you have examples of port 5327 being REJECTed? From the log you posted it just looks like you're allowing high ports in your firewall, but blocking the low ports. Nothing surprising there, most firewalls separate ports < 1024 and ports >=1024. The former are supposed to be used by services, while the latter are supposed to be used by user programs. It's not really true anymore, but the distinction lives on, especially in unix based systems.