[lug] UDP Port 515

D. Stimits stimits at idcomm.com
Wed Mar 7 12:24:10 MST 2001


"Stephen G. Smith" wrote:
> 
> So do the "r" commands broadcast something across a local net?
> ISP says can't stop it..
> Am I just being paranoid?

Some machines might broadcast an rwall command that your system would
ignore. But in most cases it is worth being paranoid with, since rlogin
and rsh are a serious threat. If your system gives out user names with
rwhod (aside from localhost), it is information that is useful to
hackers (I block rwho from the outside world, but allow it from
localhost to localhost). Some of the "r" related "wall" or "who" might
be innocent, but anything else is very suspicious.

D. Stimits, stimits at idcomm.com

> 
> SGS
> 
> >From: "Scott A. Herod" <herod at interact-tv.com>
> >Reply-To: lug at lug.boulder.co.us
> >To: lug at lug.boulder.co.us
> >Subject: Re: [lug] UDP Port 515
> >Date: Wed, 07 Mar 2001 12:38:57 -0700
> >
> >Yep.  See http://www.cert.org/tech_tips/packet_filtering.html
> >
> >Scott
> >
> >"Atkinson, Chip" wrote:
> > >
> > > Is that the rlogin port?
> > >
> > > > -----Original Message-----
> > > > From: Stephen G. Smith [mailto:ss2chef at hotmail.com]
> > > > Sent: Wednesday, March 07, 2001 11:28 AM
> > > > To: lug at lug.boulder.co.us
> > > > Subject: [lug] UDP Port 515
> > > >
> > > >
> > > > A host on my upstream is doing a scan to UDP port 513 every
> > > > 3 minutes..
> > > >
> > > > What is he looking for?
> > > > the scans are blocked but am wondering why that port?
> > > >
> > > > SGS
> >_______________________________________________
> >Web Page:  http://lug.boulder.co.us
> >Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
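What an rwhod status broadcast on UDP port 513 discloses to anyone who can receive it, as an added example that is not part of the original thread: a parser for the datagram, assuming the BSD `protocols/rwhod.h` `struct whod` layout (60-byte header, 24-byte login records, network byte order). The sample packet, host name and user names are constructed.

```python
import struct

# Assumed layout: BSD <protocols/rwhod.h> "struct whod", integers in network order.
# Header: version, type, 2 pad bytes, send time, receive time, hostname[32],
#         three load averages (x100), boot time.
HEADER = struct.Struct("!BB2xii32s3ii")
# One record per logged-in user: tty[8], user[8], login time, idle seconds.
ENTRY = struct.Struct("!8s8sii")

WHODVERSION = 1
WHODTYPE_STATUS = 1


def _cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_whod(packet):
    """Return what one rwhod status datagram discloses; raise ValueError if malformed."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the whod header")
    vers, ptype, sent, _recv, host, la1, la5, la15, boot = HEADER.unpack_from(packet)
    if (vers, ptype) != (WHODVERSION, WHODTYPE_STATUS):
        raise ValueError("not an rwhod status packet")
    body = packet[HEADER.size:]
    if len(body) % ENTRY.size:
        raise ValueError("truncated login record")
    users = [
        {"user": _cstr(name), "tty": _cstr(tty), "login": login, "idle": idle}
        for tty, name, login, idle in ENTRY.iter_unpack(body)
    ]
    return {"host": _cstr(host), "sent": sent, "boot": boot,
            "load": [v / 100 for v in (la1, la5, la15)], "users": users}


def build_sample():
    """Constructed datagram for the demo; every value in it is made up."""
    header = HEADER.pack(1, 1, 984000000, 0, b"buildbox", 12, 8, 5, 983000000)
    logins = (ENTRY.pack(b"tty1", b"root", 983900000, 60)
              + ENTRY.pack(b"pts/0", b"alice", 983950000, 0))
    return header + logins


if __name__ == "__main__":
    info = parse_whod(build_sample())
    print(info["host"], "booted", info["boot"], "load", info["load"])
    for u in info["users"]:
        print(f'  {u["user"]:8} {u["tty"]:8} idle {u["idle"]}s')
```

Host name, boot time, load and every logged-in account name with its terminal are all in a single unauthenticated datagram, which is why the reply above filters rwho at the boundary.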