From: David Vestal (dk_vestalseznam.cz)
Date: Tue Oct 07 2003 - 19:56:30 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While monitoring my firewall I noticed a lot of incoming tcp packets to
port 17888. All were dropped, so there has been no damage or intrusion.
I fired up tcpdump and let it catch all the packets for 2 hours and
using ethereal I found 11105 packets from approx. 30 different sources.
All packets had the SYN flag and most of the time there were 3 packets
from the same source port. Many of the source ip's had attempts from
numerous different ports. Google returned information on "netlet" when
queried for "tcp 17888". I am not familiar with netlet, it seems to me
to be some type of rpc.

Since it seems to be rpc my guess is someone looking for another machine
to own. I am on an aDSL connection and after the 2 hours of logging with
tcpdump I shut down the connection and restarted it after 15 minutes and
have so far not had this scanning again.

I was wondering if anyone would know what this might be. If anymore
information is necessary just let me know. Thanks.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]