Security Incidents
mailing list archives
33270:trinity connection from port 80 to local machine on port
From: Bradley Filmer <bfilmer () ims telstra com au>
Date: 31 Oct 2001 16:11:43 +0800
I am curious as to what this might be, I am seeing hits in my iptables
logs after visiting certain websites.. mainly
Oct 29 09:26:15 stealth kernel: IN=eth0 OUT= MAC= "long number"
SRC=64.28.67.70 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=46
ID=16970 DF PROTO=TCP SPT=80 DPT=33270 WINDOW=15180 RES=0x00 ACK SYN
URGP=0
This is netbsd.org
Oct 30 11:35:47 stealth kernel: IN=eth0 OUT= MAC= "long number"
SRC=64.58.76.98 DST=my.adr.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=48
ID=9741 DF PROTO=TCP SPT=443 DPT=33270 WINDOW=16560 RES=0x00 ACK SYN
URGP=0
This is yahoo groups.
Oct 31 09:01:41 stealth kernel: IN=eth0 OUT= MAC= "long number"
SRC=204.152.186.171 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=51
ID=23555 PROTO=TCP SPT=80 DPT=33270 WINDOW=32768 RES=0x00 ACK SYN URGP=0
This is mysql.org
Always 5 hits and I can't tell you how long after. I have checked port
33270 trinity on my machine and the local subnet for the trinity ddos
with nothing found.
Is this just a false negative or am I seeing something more ominous....
Cheers for any information or reassurance
--
Bradley Filmer
Looking for paranoia in all the right places
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
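Added example, not part of the original post: a Python sketch that parses the iptables LOG entries quoted in the message and groups SYN/ACK-only TCP segments by local destination port, so the remote hosts and source ports reaching one port can be compared side by side. The function names are hypothetical, and the sample input is the three entries from the post with their wrapped lines joined.

```python
from collections import defaultdict

# The three log entries from the post, with the wrapped lines joined.
SAMPLE_LOG = (
    'Oct 29 09:26:15 stealth kernel: IN=eth0 OUT= MAC= "long number" '
    "SRC=64.28.67.70 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=46 "
    "ID=16970 DF PROTO=TCP SPT=80 DPT=33270 WINDOW=15180 RES=0x00 ACK SYN URGP=0\n"
    'Oct 30 11:35:47 stealth kernel: IN=eth0 OUT= MAC= "long number" '
    "SRC=64.58.76.98 DST=my.adr.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=48 "
    "ID=9741 DF PROTO=TCP SPT=443 DPT=33270 WINDOW=16560 RES=0x00 ACK SYN URGP=0\n"
    'Oct 31 09:01:41 stealth kernel: IN=eth0 OUT= MAC= "long number" '
    "SRC=204.152.186.171 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=51 "
    "ID=23555 PROTO=TCP SPT=80 DPT=33270 WINDOW=32768 RES=0x00 ACK SYN URGP=0\n"
)

# TCP flag names as the netfilter LOG target prints them.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_entry(line):
    """Return the KEY=value fields and TCP flags of one LOG entry, or None."""
    stamp, sep, body = line.partition(" kernel: ")
    if not sep:
        return None
    entry = {"when": " ".join(stamp.split()[:3]), "flags": set()}
    for token in body.split():
        key, eq, value = token.partition("=")
        if eq:
            entry[key] = value          # KEY=value field such as SRC, SPT, DPT
        elif token in TCP_FLAGS:
            entry["flags"].add(token)   # bare flag token such as ACK or SYN
    return entry


def synack_by_dport(log_text):
    """Group SYN/ACK-only TCP segments by local destination port."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if not entry or entry.get("PROTO") != "TCP":
            continue
        if entry["flags"] == {"SYN", "ACK"}:
            hit = (entry["when"], entry.get("SRC"), entry.get("SPT"))
            groups[entry.get("DPT")].append(hit)
    return dict(groups)


if __name__ == "__main__":
    for dport, hits in synack_by_dport(SAMPLE_LOG).items():
        print(f"DPT={dport}: {len(hits)} SYN/ACK segment(s)")
        for when, src, spt in hits:
            print(f"  {when}  {src}:{spt}")
```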