Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
External packets from localhost
  • From: "Hemsley, Trevor" <Trevor.Hemsley@xxxxxxxxxxxxxx>
  • Date: Fri, 7 Nov 2003 15:43:32 -0000
  • Message-id: <3413F0971346C94DB7850A65E070EFAB71FB64@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Has anyone else noticed a large number of packets arriving on their external interfaces recently where the source address is 127.0.0.1? Over the past day and a half I've seen 300 packets with destination ports between 1001 and 1994 with the most widely used ones being 1770, 1869, 1514, 1274, 1001 and 1256. Looking back through my logs, it seems that this started happening at the beginning of September and has been getting worse in each log file since that date.

Looks most weird and I can't think of anything legitimate that could be doing it.

Trevor Hemsley,
Security Specialist,
Atos Origin Ltd,
Whyteleafe,
+44-(0)1883-628139

[This e-mail and the documents attached are confidential and intended solely for the addressee ; it may also be privileged . If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.]



< Previous Next >
This Thread
  • No further messages