/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Well, a quick search on Google comes up with a couple of links, e.g.
http://advice.networkice.com/Advice/Exploits/Ports/27374/default.htm
<<<
Port 27374
(TCP) This is one of the most commonly probed ports on the Internet right now, due
to its inclusion within the SubSeven Trojan. The reason it is so sommon is that
SubSeven provides the ability to tell a compromised system to scan on its behalf.
This allows cr/hackers to scan with impunity.
>>>
-Joe
Phil N wrote:
>
> I have been seeing the exact same thing on the RoadRunner segment I am
> attached to at home. It's been going on for over a year and I haven't been
> able to get anyone to tell me who/what it is. I see it and ignore it.....
>
> BTW, I think that the source port (1169) is arbitrary, it's the destination
> that is significant.....
>
> Phil
>
> > Dec 20 00:12:10 firewall kernel: Packet log: input REJECT eth1 PROTO=6
> > 24.190.9.93:1169 24.191.246.159:27374 L=48 S=0x00 I=62197 F=0x4000 T=123 SYN
> > (#77)
> >
> > What is port 1169 and why is it probing my port 27374? Should I be concerned
> > about this kind of crap? Should I stop logging it?
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
