
[ale] watching traffic



Try the Firewall Forensics FAQ:
http://www.robertgraham.com/pubs/firewall-seen.html

Also note that sometimes packets coming into high port numbers may
simply be leftover junk from an outgoing connection that your computer
has closed but which the other end still thinks is open.  What kind of
packets are coming to these ports?  Actual incoming connection attempts
will be TCP "SYN" packets.

Krum

On Mon, 2002-04-15 at 22:17, Cade Thacker wrote:
> Evening,
> I just installed the LogView software that comes with my Linksys router. It
> is kinda neat seeing who is coming from where. But my question is that I
> am seeing some strange incoming attempts (surprise, surprise), but the port
> numbers do not seem familiar. Does anyone know a good page that tells what
> ports crackers are known to use or look for?
> 
> These have shown up just in the last 20 minutes.
> 
> the nslookups are out to the right.
> 
> 209.73.225.68  :7104
> 216.249.24.120 :1720
> 64.236.16.136  :4008  (i3.cnn.net)
> 65.197.236.51  :1245
> 152.163.226.70 :1950 (wads-r06b.blue.aol.com)
> 209.249.123.231:1249 (a209-249-123-231.deploy.akamaitechnologies.com)



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
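
Added example, not part of the original messages: a small triage script for the distinction made in the reply above, separating real inbound connection attempts (SYN without ACK) from packets that belong to, or are left over from, connections the local host opened. It assumes a tcpdump-style text capture that includes TCP flags, which the LogView listing in the thread does not show; the sample lines, the addresses (documentation ranges) and the names `classify`, `SAMPLE` and `LOCAL_IP` are constructed for illustration.

```python
import re

# tcpdump -n style: "IP src.sport > dst.dport: Flags [S], ..."
# Flag letters: S = SYN, . = ACK, F = FIN, R = RST, P = PSH
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

LOCAL_IP = "192.0.2.10"  # assumed address of the monitored host

# Constructed sample capture (not real traffic).
SAMPLE = [
    "IP 192.0.2.10.4008 > 198.51.100.7.80: Flags [S], seq 1, win 5840, length 0",
    "IP 198.51.100.7.80 > 192.0.2.10.4008: Flags [S.], seq 9, ack 2, win 5792, length 0",
    "IP 198.51.100.7.80 > 192.0.2.10.4008: Flags [F.], seq 10, ack 3, win 5792, length 0",
    "IP 203.0.113.5.3321 > 192.0.2.10.1720: Flags [S], seq 77, win 16384, length 0",
    "IP 203.0.113.9.80 > 192.0.2.10.1245: Flags [R.], seq 5, ack 6, win 0, length 0",
]

def classify(lines, local_ip):
    """Return [(remote_ip, local_port, verdict)] for each inbound TCP packet."""
    opened = set()   # (local_port, remote_ip, remote_port) for outbound SYNs
    results = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a TCP line in the expected format
        flags = m["flags"]
        pure_syn = "S" in flags and "." not in flags
        if m["src"] == local_ip:
            if pure_syn:  # this host initiated the connection
                opened.add((m["sport"], m["dst"], m["dport"]))
            continue
        if m["dst"] != local_ip:
            continue
        if pure_syn:
            verdict = "attempt"   # genuine inbound connection attempt
        elif (m["dport"], m["src"], m["sport"]) in opened:
            verdict = "reply"     # belongs to / left over from our own connection
        else:
            verdict = "stray"     # non-SYN with no matching outbound SYN in capture
        results.append((m["src"], int(m["dport"]), verdict))
    return results

if __name__ == "__main__":
    for remote, port, verdict in classify(SAMPLE, LOCAL_IP):
        print(f"{remote:15} -> local port {port:<5} {verdict}")
```

A "stray" verdict only means the capture holds no matching outbound SYN; the original connection may have started before the capture did.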