[Dshield] Scans on port 3659?

André Costa brblueser at uol.com.br
Thu Nov 7 16:53:01 GMT 2002


Hi all,

I am new to this list and to firewall maintenance in general, so please bear
with any stupid thing I might say ;) Also, if this is not the right place
for such questions, I apologize; please direct me somewhere else.

I have a dual boot machine here at home, with Win2k Pro and RH Linux 7.1
(kernel 2.4.19), connected to a cablemodem. I have Sygate Personal Firewall
on Win2k and iptables on Linux, both seem to be working fine.

For the last two days I've been blocking TCP scans on my port 3659 like
hell. These seem to come from different ports on the same machines as in:
(taken from exported SPF logs)

[snip]
1476    11/07/2002 13:33:16     Blocked TCP     Incoming        200.168.1.105   3950    200.255.184.111 3659            3       11/07/2002 13:32:05     11/07/2002 13:32:14    Block_all
1478    11/07/2002 13:34:02     Blocked TCP     Incoming        200.168.1.105   3992    200.255.184.111 3659            3       11/07/2002 13:32:48     11/07/2002 13:32:57    Block_all
1480    11/07/2002 13:37:28     Blocked TCP     Incoming        200.168.1.105   4069    200.255.184.111 3659            3       11/07/2002 13:36:18     11/07/2002 13:36:27    Block_all
1481    11/07/2002 13:38:09     Blocked TCP     Incoming        200.168.1.105   4095    200.255.184.111 3659            3       11/07/2002 13:36:54     11/07/2002 13:37:03    Block_all
1482    11/07/2002 13:38:29     Blocked TCP     Incoming        200.168.1.105   4117    200.255.184.111 3659            3       11/07/2002 13:37:17     11/07/2002 13:37:26    Block_all
1483    11/07/2002 13:38:50     Blocked TCP     Incoming        200.168.1.105   4139    200.255.184.111 3659            3       11/07/2002 13:37:37     11/07/2002 13:37:46    Block_all
[snip]

But it also comes from different sources as well (many times a day,
sometimes a few minutes apart).

I tried Google for info on recent activity on this port, but found nothing.
No luck here either:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html

Anybody out there experiencing the same? Should I report it somewhere?

TIA,

Andre
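
Added example, not part of the original post: a small Python summarizer for exported log records like the ones quoted above, grouping blocked inbound entries by remote address and local port so repeated probes from one host stand out. The column meanings and the MM/DD/YYYY date order are assumptions inferred from the quoted values, and the names `RECORD`, `when` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed input: the six records quoted in the post, one record per line.
SAMPLE = """\
1476 11/07/2002 13:33:16 Blocked TCP Incoming 200.168.1.105 3950 200.255.184.111 3659 3 11/07/2002 13:32:05 11/07/2002 13:32:14 Block_all
1478 11/07/2002 13:34:02 Blocked TCP Incoming 200.168.1.105 3992 200.255.184.111 3659 3 11/07/2002 13:32:48 11/07/2002 13:32:57 Block_all
1480 11/07/2002 13:37:28 Blocked TCP Incoming 200.168.1.105 4069 200.255.184.111 3659 3 11/07/2002 13:36:18 11/07/2002 13:36:27 Block_all
1481 11/07/2002 13:38:09 Blocked TCP Incoming 200.168.1.105 4095 200.255.184.111 3659 3 11/07/2002 13:36:54 11/07/2002 13:37:03 Block_all
1482 11/07/2002 13:38:29 Blocked TCP Incoming 200.168.1.105 4117 200.255.184.111 3659 3 11/07/2002 13:37:17 11/07/2002 13:37:26 Block_all
1483 11/07/2002 13:38:50 Blocked TCP Incoming 200.168.1.105 4139 200.255.184.111 3659 3 11/07/2002 13:37:37 11/07/2002 13:37:46 Block_all
"""

TS = r"\d\d/\d\d/\d{4}\s+\d\d:\d\d:\d\d"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Assumed columns (inferred from the values, not from Sygate documentation):
# id, logged, action, protocol, direction, remote IP, remote port,
# local IP, local port, occurrence count, first seen, last seen, rule.
RECORD = re.compile(
    rf"(?P<id>\d+)\s+(?P<logged>{TS})\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    rf"(?P<dir>\w+)\s+(?P<src>{IP})\s+(?P<sport>\d+)\s+(?P<dst>{IP})\s+"
    rf"(?P<dport>\d+)\s+(?P<count>\d+)\s+(?P<begin>{TS})\s+(?P<end>{TS})\s+(?P<rule>\S+)"
)

def when(stamp):
    # Assumption: MM/DD/YYYY (the mail is dated 7 Nov 2002, the log says 11/07/2002).
    return datetime.strptime(" ".join(stamp.split()), "%m/%d/%Y %H:%M:%S")

def summarize(text):
    # Key: (remote IP, local port). Value: counters plus first/last seen times.
    groups = defaultdict(lambda: {"records": 0, "total": 0, "sports": set(),
                                  "first": None, "last": None})
    for line in text.splitlines():
        m = RECORD.fullmatch(line.strip())
        if not m or m["dir"] != "Incoming":
            continue  # skip wrapped fragments, [snip] markers, outbound entries
        g = groups[(m["src"], int(m["dport"]))]
        g["records"] += 1
        g["total"] += int(m["count"])
        g["sports"].add(int(m["sport"]))
        begin, end = when(m["begin"]), when(m["end"])
        g["first"] = begin if g["first"] is None else min(g["first"], begin)
        g["last"] = end if g["last"] is None else max(g["last"], end)
    return dict(groups)
```

Calling `summarize()` on a full export gives one entry per remote host and local port, which is a convenient shape for comparing several sources or preparing a report.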

