[Dshield] Scans on ports 49147 and 49148

Clint Byrum cbyrum at erp.com
Fri Mar 1 00:00:05 GMT 2002


On Thu, 2002-02-28 at 13:57, Stigers, David wrote:
> I've seen this attempt on our firewall today and do not see the neo ports
> listing for this port. If someone knows what this is I'd appreciate the
> info. 

Searched my logs for the last 2 months. Nothing to those ports.

> 
> 02/28/02 07:46  firewalld[105]:  deny in eth0 40 tcp 20 112 172.26.137.8
> 66.147.xxx.xx 9009 49148 rst (blocked site)
> 02/28/02 07:46  firewalld[105]:  deny in eth0 40 tcp 20 112 172.26.137.10
> 66.147.xxx.xx 9009 49147 rst (blocked site)
> 

172.26.137.8 is a private address just like 10.x.x.x and 192.168.x.x.
172.16.0.0 - 172.31.255.255 are reserved for private class B's (the RFC
number slips my mind at the moment). Kind of odd that they would send
you RST's. Does that 9009 mean it's from port 9009? I'm not familiar with
that log format.
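
Added example, not part of the original message: the private-range check discussed in the reply, run over firewall lines shaped like the quoted ones. The private blocks are those of RFC 1918; the sample lines are constructed, and treating the first IPv4 token of each entry as the source address is an assumption about this log format.

```python
import ipaddress
import re

# RFC 1918 private blocks; 172.16.0.0/12 spans 172.16.0.0 - 172.31.255.255.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
ENTRY_START = re.compile(r"^\d{2}/\d{2}/\d{2} ")

# Constructed sample modelled on the quoted lines. Documentation addresses
# (203.0.113.0/24, 198.51.100.0/24) stand in for real public hosts.
SAMPLE = """\
> 02/28/02 07:46  firewalld[105]:  deny in eth0 40 tcp 20 112 172.26.137.8
> 203.0.113.5 9009 49148 rst (blocked site)
> 02/28/02 07:46  firewalld[105]:  deny in eth0 40 tcp 20 112 198.51.100.7
> 203.0.113.5 9009 49147 rst (blocked site)
"""

def unwrap(text):
    """Strip '>' quote markers and rejoin entries the mailer wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def private_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is public."""
    ip = ipaddress.ip_address(addr)
    return next((str(n) for n in RFC1918 if ip in n), None)

def flag_private_sources(text):
    """Return (source, block, entry) for inbound denies from private sources."""
    hits = []
    for entry in unwrap(text):
        addrs = IPV4.findall(entry)
        if " deny in " not in entry or not addrs:
            continue
        try:
            block = private_block(addrs[0])  # assumption: first IP is the source
        except ValueError:  # dotted token that is not a valid address
            continue
        if block:
            hits.append((addrs[0], block, entry))
    return hits
```

A private source arriving on an external interface cannot be routed back to across the Internet, so a hit here points at spoofing or at a misconfigured or leaking upstream network rather than at a reachable remote host.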




