>From owner-ids@uow.edu.au Thu Mar 23 14:07:21 1995 > >A review of the logs of my own intrusion detection system shows that >DOCKMASTER.NCSC.MIL attempted to connect to port 2939 on my home system >(which obviously isn't maestro.com) ten times in a two minute period at >3.54 p.m. on March 20th. Don't know how I missed that on Monday. > >Question 1. What is port 2939 for? It isn't mentioned in any FAQ. its down in user land. no real significance in itself. to venture a guess I'd expect either an encrypted telnet (assuming a good guy trying to connect to your host after being invited; or someone publishing the fact that you had some service running there) or a telnet bouncer/telnet backdoor (assuming you were broken into in the past and bad-guy left one running). > > >Question 2. Who do I report this to? This isn't a joke. I deeply >resent this governmental attempt to invade my privacy. What country are you in? CERT, FBI, or root@DOCKMASTER.NCSC.MIL would be good places to start. ======================================================================= Brad Powell : brad.powell@Sun.COM | | Full Time: Sr. Network Security Analyst |Part time: Cyberspace PI ENS Network Security Group | and Consultant Sun Microsystems Inc. | ======================================================================= The views expressed are those of the author and may not reflect the views of Sun Microsystems Inc. =======================================================================