Dennis Soper wrote:
> Since I starting logging everything that gets dropped by my firewall,
> I've noticed I'm getting probed at least a coupla times a day at
> clipper.net. Mostly ident and NetBIOS probes, but also port 80 (I'm
> not running a web server), and port 50-- whatever the heck that
> one's for.
/etc/services says:
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp # Remote Mail Checking Protocol
I found RFC 1339 which describes the remote mail protocol for UDP --
presumably it's been extended to TCP without the benefit of an RFC.
http://sunsite.auc.dk/RFC/rfc/rfc1339.html
It sounds to me like you'd be listening on port 50 if you were running
a POP server, and it also sounds like it's be a handy way for spammers
to test guessed email addresses (though they'd have to use it a lot,
not twice a day).
--
K<bob>
[EMAIL PROTECTED], http://www.jogger-egg.com/
