Hi, I'd like to know to which service these packets belong. I got if from ipchains kernel log in my machine:
Apr 11 12:43:10 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=93 S=0x00 I=8195 F=0x4000 T=240 (#12) Apr 11 12:43:22 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=49 S=0x00 I=8196 F=0x4000 T=240 (#12) Apr 11 12:44:08 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=49 S=0x00 I=65485 F=0x4000 T=240 (#12) Apr 11 12:44:32 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=94 S=0x00 I=65486 F=0x4000 T=240 (#12) Apr 11 12:44:38 milho kernel: Packet log: input ACCEPT eth1 PROTO=17 205.188.153.99:4000 200.183.58.81:62459 L=94 S=0x00 I=65487 F=0x4000 T=240 (#12) ... and some more like these... When I seek this port I get: #nmap -sU -p 62459 -v localhost WARNING: -sU is now UDP scan -- for TCP FIN scan use -sF Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/) Host localhost (127.0.0.1) appears to be up ... good. Initiating FIN,NULL, UDP, or Xmas stealth scan against localhost (127.0.0.1) The UDP or stealth FIN/NULL/XMAS scan took 0 seconds to scan 1 ports. No ports open for host localhost (127.0.0.1) Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds looking about the other IP: ---- $ whois 205.188.153.99 America Online, Inc (NETBLK-AOL-DTC) 22080 Pacific Blvd Sterling, VA 20166 US ---- I wasn't accessing any page from AOL at the time this log was written... Is there anything unsafe in my system??? anything to worry about? Thanks in advance, Pedro
